jyttekraemer (Beginner)
06 October 2004 - 20:42 There are 29 comments

Help, can't download HijackThis

Help, I have a virus. I'm trying to download HijackThis, but can't because of my security settings. Can you help?
jimjimjam (Beginner)
06 October 2004 - 20:49 #1
Is it a firewall that is the problem?
jyttekraemer (Beginner)
06 October 2004 - 21:02 #2
I haven't installed a firewall. Only the standard program installed on the computer at purchase: Trust Antivirus Scan
jyttekraemer (Beginner)
06 October 2004 - 21:08 #3
I have been advised to send the HijackThis log so that I could get help to "clean up"
kenp (Novice)
06 October 2004 - 21:42 #4
Have you been cleaned? And did you manage to download HijackThis?
tonnybrandt (Beginner)
07 October 2004 - 00:18 #5
Can you download HiJackThis on another computer and transfer it to the virus-plagued computer on a floppy disk?
jyttekraemer (Beginner)
07 October 2004 - 23:51 #6
HiJackThis has been downloaded from another computer and the log has been printed out
tonnybrandt (Beginner)
08 October 2004 - 00:01 #7
OK, will you post it here so we can take a look at it?
jyttekraemer (Beginner)
08 October 2004 - 00:11 #8
Scan saved at 23:29:56, on 07-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\entgfcqb.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\temp\msbb.exe
C:\WINDOWS\pcpyz.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\Programmer\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
F:\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=151770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=151770
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=151770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Controlled Resource System Service] crss.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [mjlofgcyzvbna] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [pcpyz] C:\WINDOWS\pcpyz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [Controlled Resource System Service] crss.exe
O4 - HKLM\..\RunOnce: [Controlled Resource System Service] crss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Controlled Resource System Service] crss.exe
O4 - HKCU\..\RunOnce: [Controlled Resource System Service] crss.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=0824f4a67a93ca5634671762a46ea8457eaca3bcb42569267db9b8592bf65ac13e8818875eb4bc7d30c34be2035810989f658b63:6aab353c5451c65e8dabb9ec24c7b353
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
tonnybrandt (Beginner)
08 October 2004 - 00:17 #9
There's a bit of everything. You'll get a procedure in 5-10 minutes ..
tonnybrandt (Beginner)
08 October 2004 - 00:26 #10
Download this Kaspersky scanner; you will need it later.
http://www.mwti.net/antivirus/free_utilities.asp - Virus scanner.

Then you need to restart the PC in safe mode. Press F8 during startup.

Go to Add/Remove Programs in the Control Panel and uninstall BullsEye Network.

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, and delete the folders and files listed at the bottom.
Double-check so that everything is included.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=151770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=151770
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=151770
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll
O4 - HKLM\..\Run: [Controlled Resource System Service] crss.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [mjlofgcyzvbna] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [pcpyz] C:\WINDOWS\pcpyz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [Controlled Resource System Service] crss.exe
O4 - HKLM\..\RunOnce: [Controlled Resource System Service] crss.exe
O4 - HKCU\..\Run: [Controlled Resource System Service] crss.exe
O4 - HKCU\..\RunOnce: [Controlled Resource System Service] crss.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=0824f4a67a93ca5634671762a46ea8457eaca3bcb42569267db9b8592bf65ac13e8818875eb4bc7d30c34be2035810989f658b63:6aab353c5451c65e8dabb9ec24c7b353
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

---------------------------------------
Deleting files and folders:
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start -> Search:
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup
C:\Programmer\ISTbar
C:\Programmer\ISTsvc
C:\Program Files\Internet Optimizer
C:\Program Files\Windows SyncroAd
C:\Programmer\Web_Rebates

Files:
C:\WINDOWS\nem219.dll
C:\WINDOWS\mxTarget.dll
C:\WINDOWS\localNRD.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\wsem302.dll
C:\WINDOWS\System32\entgfcqb.exe
c:\temp\msbb.exe
C:\WINDOWS\pcpyz.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\crss.exe

---------------------------------------
Then run the one-time scanner from Kaspersky - enable everything in its settings so that it can scan everything.
---------------------------------------

Restart normally and post a new log for checking

If you cannot download and run the scanner, skip this step and just carry out the HiJackThis part and the deletion of files and folders.
jyttekraemer (Beginner)
08 October 2004 - 01:51 #11
Here is a new log for checking. I have not deleted the folders and files as suggested. I can't find them!!!???
Logfile of HijackThis v1.98.2
Scan saved at 01:43:29, on 08-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\entgfcqb.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\temp\msbb.exe
C:\Programmer\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
F:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [giprhpn] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
tonnybrandt (Beginner)
08 October 2004 - 07:40 #12
It looks like you didn't get BullsEye Network uninstalled.

Download this Kaspersky scanner; you will need it later.
http://www.mwti.net/antivirus/free_utilities.asp - Virus scanner.

Then you need to restart the PC in safe mode. Press F8 during startup.

Go to Add/Remove Programs in the Control Panel and uninstall BullsEye Network.

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, and delete the folders and files listed at the bottom.
Double-check so that everything is included.

O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [giprhpn] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [giprhpn] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"

---------------------------------------
Deleting files and folders:
Open a file explorer and find and delete the following files and folders:
-------------------
Folders:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup
C:\Programmer\ISTbar
C:\Programmer\ISTsvc
C:\Program Files\Internet Optimizer
C:\Program Files\Windows SyncroAd
C:\Programmer\Web_Rebates

Files:
C:\WINDOWS\nem219.dll
C:\WINDOWS\mxTarget.dll
C:\WINDOWS\localNRD.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\wsem302.dll
C:\WINDOWS\System32\entgfcqb.exe
c:\temp\msbb.exe
C:\WINDOWS\pcpyz.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\crss.exe

---------------------------------------
Then run the one-time scanner from Kaspersky - enable everything in its settings so that it can scan everything.
---------------------------------------

Restart normally and post a new log for checking
jyttekraemer (Beginner)
09 October 2004 - 22:51 #13
Could not uninstall BullsEye Network and could not delete all the files and folders mentioned. Followed your recommendations and finished with a virus scan using Kaspersky. Here is the new log
Logfile of HijackThis v1.98.2
Scan saved at 22:37:48, on 09-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
tonnybrandt (Beginner)
09 October 2004 - 23:13 #14
Well done!

There is one single thing left, but otherwise you got everything this time.

Close all windows except HiJackThis and fix this one:
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

After a restart it should be gone from the log.

You don't need to post a new log for checking.

You could install some of the programs in the spywarefri package... they are all small, don't conflict, and are very effective against junk of the kind you have just been attacked by.

We especially recommend Spybot, SpywareBlaster, IE-Spyad and SpywareGuard.
See more in the "package" here
http://www.spywarefri.dk/pakken.htm
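Added example, not part of the original thread: a Python check that compares a HijackThis fix list with the follow-up log, as was done by eye between posts #10 and #12. It matches O4 autostart entries by target file as well as by value name, so an entry that returns under a new name (as `entgfcqb.exe` did here) is reported. The function names are hypothetical; the sample lines are excerpts from the fix list in post #10 and the log in post #11.

```python
import re
from ntpath import basename  # Windows path rules regardless of the host OS

# Excerpt of the fix list from post #10 (lines copied from this thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Controlled Resource System Service] crss.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [mjlofgcyzvbna] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
"""

# Excerpt of the follow-up log from post #11 (lines copied from this thread).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\entgfcqb.exe
F:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [giprhpn] C:\WINDOWS\System32\entgfcqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Registry-based O4 lines only; "O4 - Global Startup" shortcuts are skipped.
O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
# Executable path at the start of the command, with or without quotes.
TARGET_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|scr))\b', re.I)


def autostarts(log):
    """Return (registry key, value name, lower-cased target) per O4 line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        key, name, command = m.groups()
        t = TARGET_RE.match(command)
        target = (t.group(1) if t else command.strip('"')).lower()
        entries.append((key, name, target))
    return entries


def running_processes(log):
    """Return lower-cased file names from the 'Running processes:' section."""
    procs, inside = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break  # the section ends at the first blank line
        elif inside:
            procs.add(basename(line).lower())
    return procs


def verify_fix(fix_list, after_log):
    """Classify every fixed autostart entry against the follow-up log."""
    after = autostarts(after_log)
    exact = {(k, n.lower(), t) for k, n, t in after}
    by_target = {}
    for _, n, t in after:
        by_target.setdefault(t, []).append(n)
    running = running_processes(after_log)

    report = {"still_present": [], "renamed": [],
              "removed_but_running": [], "removed": []}
    for key, name, target in autostarts(fix_list):
        if (key, name.lower(), target) in exact:
            report["still_present"].append(name)
        elif target in by_target:
            # Same file, new value name: the entry was re-created.
            report["renamed"].append((name, by_target[target][0]))
        elif basename(target) in running:
            # Autostart gone, but the process is still alive in this log.
            report["removed_but_running"].append(name)
        else:
            report["removed"].append(name)
    return report


if __name__ == "__main__":
    for status, items in verify_fix(FIX_LIST, AFTER_LOG).items():
        print(f"{status}: {items}")
```

Entries reported as `renamed` or `removed_but_running` indicate that the process was still active when the fix was applied, which is why the procedure in the thread is carried out in safe mode.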
jyttekraemer (Beginner)
10 October 2004 - 11:38 #15
The last file has been deleted and I have installed Sygate firewall. I still have the eTrust antivirus program. In connection with the above procedures, my browser's settings are no longer correct. I can't log in to online banking or open my Yahoo mail
tonnybrandt (Beginner)
10 October 2004 - 11:43 #16
None of what we have removed should cause these problems.
Are the settings in the firewall correct?
Can you see this page, which is full of Java: www.novell.com ?

Also try deleting temporary internet files: go to Tools | Internet Options and delete files under Temporary Internet Files. Say yes to deleting all offline content.
jyttekraemer (Beginner)
10 October 2004 - 12:00 #17
Temporary internet files deleted. I can see the page www.novell.com. Where do I check whether the firewall settings are correct? I had these problems before I installed Sygate
tonnybrandt (Beginner)
10 October 2004 - 12:02 #18
Just try disabling Sygate and see whether that lets you get into online banking and Yahoo mail. Then we'll know for certain whether that is what is causing the problem.
tonnybrandt (Beginner)
10 October 2004 - 12:13 #19
Sorry, I didn't read your last comment properly.
The problems were there before you installed Sygate, which you have apparently uninstalled again, since it cannot be seen in the log.

Try going to Tools | Internet Options, the Security tab. Select Internet and click the Default Level button. Add both websites to "Trusted sites".
On the Advanced tab, click the Restore Defaults button. Click Apply and OK, restart and see whether it helped.
jyttekraemer (Beginner)
10 October 2004 - 12:56 #20
Applied the default level and added the websites: http:\\mail.yahoo.com and http:\\www.nordea.dk. Then restarted, without result.
tonnybrandt (Beginner)
10 October 2004 - 13:08 #21
What error do you get?
A blank screen, or "the page cannot be displayed"?
jyttekraemer (Beginner)
10 October 2004 - 13:18 #22
Nordea: The page is displayed but gives this message when logging in to online banking:
Din browser er ikke indstillet korrekt ("Your browser is not configured correctly")
Yahoo: The page is displayed but gives this message at sign in:
The browser refuses to sign in (cookies rejected)
tonnybrandt (Beginner)
10 October 2004 - 13:35 #23
Try going to the "Privacy" tab. This is where you can allow cookies, and I think it is the same error on both sites.
On that tab you can try adding the 2 sites under the Sites button, or alternatively click Advanced and allow all cookies.
jyttekraemer (Beginner)
28 October 2004 - 21:48 #24
I still have problems. Would you please check my log? I scanned with Kaspersky beforehand.
Logfile of HijackThis v1.98.2
Scan saved at 21:33:38, on 28-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\AVPersonal\AVSched32.EXE
G:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmer\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programmer\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
tonnybrandt (Beginner)
28 October 2004 - 22:22 #25
It is still clean.
jyttekraemer (Beginner)
06 November 2004 - 12:18 #26
Hi! When I scan with AntiVir I get a message about 31 viruses that it cannot delete. Can you see what I should do from this report

Creation date of the report file:  6. november 2004  08:03

AntiVir®/XP (2000 + NT) Personal Edition v6.28.00.07 of 14.10.2004
VDF file v6.28.0.59 (0) of 05.11.2004


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 92610 virus strains and unwanted programs.

Licensed for:  AntiVir Personal Edition
Serial number: 0000149996-ADJIE-0001
FUSE:            Basic license

Please enter the workstation and
contact name with phone number in this form:

Name        ___________________________________________

Street      ___________________________________________

Town        ___________________________________________

Phone/Fax  ___________________________________________

EMail      ___________________________________________

Platform:        Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username:        Jytte Kræmer
Computername:    ZAZU
Processor:      Pentium
Working memory:  523756 KB free

Version information:
AVWIN.DLL      : v6.28.00.07    561192  19.10.2004  13:17:16
AVEWIN32.DLL  : v6.28.0.12      569856  28.10.2004  18:34:58
AVGNT.EXE      : v6.28.00.01    127016  19.10.2004  13:17:12
AVGUARD.EXE    : v6.28.00.07    241704  19.10.2004  13:17:12
GUARDMSG.DLL  : v6.28.00.02      94248  19.10.2004  13:17:16
AVGCMSG.DLL    : v6.28.00.01    262184  19.10.2004  13:17:12
AVGNTDD.SYS    : v6.28.02.01      31984  19.10.2004  13:17:12
AVPACK32.DLL  : v6.28.0.2      294952  19.10.2004  13:17:12
AVGETVER.DLL  : v6.22.00.00      24576  17.03.2004  14:01:44
AVWIN.DLL      : v6.28.00.07    561192  19.10.2004  13:17:16
AVSHLEXT.DLL  : v6.22.00.00      57344  17.03.2004  14:02:00
AVSched32.EXE  : v6.28.00.00    110672  19.10.2004  13:17:16
AVSched32.DLL  : v6.28.00.02    122880  19.10.2004  13:17:16
AVREG.DLL      : v6.27.00.01      41000  19.10.2004  13:17:14
AVRep.DLL      : v6.28.00.22    729128  04.11.2004  15:29:26
INETUPD.EXE    : v6.28.00.07    200704  19.10.2004  13:17:16
INETUPD.DLL    : v6.28.00.07    143360  19.10.2004  13:17:16
CTL3D32.DLL    : v2.31.000        27136  16.09.2002  13:00:00
MFC42.DLL      : v6.02.4131.0    1028096  27.08.2004  01:53:36
MSVCRT.DLL    : v7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL    : v7.0.2600.2180    343040  27.08.2004  01:53:40
CTL3DV2.DLL    : No information

Configuration file:

Name of configuration file: C:\Programmer\AVPersonal\AVWIN.INI
Name of report file:        C:\Programmer\AVPersonal\LOGFILES\AVWIN.LOG
Start path:                C:\Programmer\AVPersonal
Command line:              /ah /bask /ns
Start mode:                Selected drives

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
    Output file: AVWIN.ACT
    Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\JYTTEK~1\LOKALE~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
C: Hard disk
D: Hard disk
E: Hard disk
F: CD-ROM
G: CD-ROM
I: Floppy drive
J: Floppy drive
K: Floppy drive
L: Floppy drive

Start of scan:  6. november 2004  08:03

Memory test                          OK
Master boot record of hard disk HD0  OK
Master boot record of hard disk HD1 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD2 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD3 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD4 
      The record could not be read!
      Error code: 0x0015
Boot record of drive C:            OK
Boot record of drive D:            OK
Boot record of drive E:            OK

Drive: C:
Volume ID: BOOT  Serial No.: 20BA-7204
C:\
  hiberfil.sys
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  pagefile.sys
      Access denied! Error during file opening!
      This is a Windows swap file. This file is locked by Windows.
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson
  user.dmp
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer
  NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Application Data\Microsoft\Windows
  UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temp
  alchem.cab
  ArchiveType: CAB (Microsoft)
    --> alchem.exe
        [DETECTION] The Trojan horse TR/Dldr.Alchemic
  conscorr.cab
  ArchiveType: CAB (Microsoft)
    --> conscorr.exe
        [DETECTION] The Trojan horse TR/Dldr.Stubby.C
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temp\THI27BF.tmp
  localNrd.cab
  ArchiveType: CAB (Microsoft)
    --> polall1l.exe
        [DETECTION] The Trojan horse TR/Dldr.Krepper.3
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temp\THI51CE.tmp
  preInsTT.exe
      The file contains signature of the PMS/Dldr.Krepper.1 program and was suppressed by the user.
  twaintec.cab
  ArchiveType: CAB (Microsoft)
    --> preInsTT.exe
        The file contains signature of the PMS/Dldr.Krepper.1 program and was suppressed by the user.
    --> polall1m.exe
        [DETECTION] Contains signature of the worm Worm/Rbot.IQ.03
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temp\THI54CA.tmp
  preInsTT.exe
      The file contains signature of the PMS/Dldr.Krepper.1 program and was suppressed by the user.
  twaintec.cab
  ArchiveType: CAB (Microsoft)
    --> preInsTT.exe
        The file contains signature of the PMS/Dldr.Krepper.1 program and was suppressed by the user.
    --> polall1m.exe
        [DETECTION] Contains signature of the worm Worm/Rbot.IQ.03
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temporary Internet Files\Content.IE5\C1E7GD6J
  avlxwks[1].tar
  ArchiveType: GZ
    --> avlxwks[1].tar
        ArchiveType: TAR (tape archiver)
      --> antivir-workstation-2.0.9\bin\antivir
          NOTE! Unexpected end of block
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDY345QF
  btype=36&adpos=1&combo=0&country%3Ddk%26affiliate%3Djubii%26ch%3Dsearch%26grp%3Dsearch%26svc%3Djubiisearch%26kw%3D[1].dk%2Fresultater%2F&ord=1099724585
      Access denied! Error during file opening!
      Error code: 0x0002
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temporary Internet Files\Content.IE5\K4HNURB3
  btype=36&adpos=1&combo=0&country%3Ddk%26affiliate%3Djubii%26ch%3Dsearch%26grp%3Dsearch%26svc%3Djubiisearch%26kw%3D[1].dk%2Fresultater%2F&ord=1099724512
      Access denied! Error during file opening!
      Error code: 0x0002
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temporary Internet Files\Content.IE5\KH2VC9MF
  fuse[1].zip
  ArchiveType: ZIP
      NOTE! No files to extract.
C:\Documents and Settings\LocalService
  NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows
  UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService
  NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows
  UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information
C:\WINDOWS
  preInsTT.exe
      The file contains signature of the PMS/Dldr.Krepper.1 program and was suppressed by the user.
C:\WINDOWS\$NtUninstallKB824141$
  user32.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  win32k.sys
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\$NtUninstallKB828035$
  msgsvc.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  wkssvc.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\$NtUninstallQ828026$
  msdxm.ocx
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  wmp.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\system32\config
  default
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  default.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SAM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SAM.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SECURITY
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SECURITY.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  software
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  software.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  system
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  system.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!

Drive: D:
Volume ID: BACKUP  Serial No.: D042-2572
Error! Could not change directory: System Volume Information

Drive: E:
Volume ID: RECOVER  Serial No.: A43D-6F2D

End of scan:  6. november 2004  08:29
Time taken:        26:02 min


3809 directories were scanned
100399 files were scanned
  33 warning messages were issued
  0 files were deleted
  0 files were repaired
  5 detections
tonnybrandt Beginner
6 November 2004 - 12:24 #27
Ordinary cleanup will remove all of them except a single one.
Delete the contents of this folder:
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temp
All of the contents, not the folder itself!

Delete temporary internet files. You do that in Internet Explorer | Tools | Internet Options | Delete Files, about the middle of the page; say yes to deleting all offline content.

Delete this file:
C:\WINDOWS\preInsTT.exe

If you cannot delete the files, do it in safe mode, where the files are not locked. (Press F8 during startup.)
jyttekraemer Beginner
7 November 2004 - 17:27 #28
Hi! I now have 13 error messages. Would you check the report?
This is after AntiVir and Sygate were installed again and after carrying out the procedure as suggested.

Creation date of the report file:  7. november 2004  16:13

AntiVir®/XP (2000 + NT) Personal Edition v6.28.00.07 of 14.10.2004
VDF file v6.28.0.59 (0) of 05.11.2004


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 92610 virus strains and unwanted programs.

Licensed for:  AntiVir Personal Edition
Serial number: 0000149996-ADJIE-0001
FUSE:            Basic license

Please enter the workstation and
contact name with phone number in this form:

Name        ___________________________________________

Street      ___________________________________________

Town        ___________________________________________

Phone/Fax  ___________________________________________

EMail      ___________________________________________

Platform:        Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username:        Jytte Kræmer
Computername:   
Processor:     
Working memory:  523756 KB free

Version information:
AVWIN.DLL      : v6.28.00.07    561192  19.10.2004  14:17:16
AVEWIN32.DLL  : v6.28.0.12      569856  07.11.2004  10:20:10
AVGNT.EXE      : v6.28.00.01    127016  19.10.2004  14:17:12
AVGUARD.EXE    : v6.28.00.07    241704  19.10.2004  14:17:12
GUARDMSG.DLL  : v6.28.00.02      94248  19.10.2004  14:17:16
AVGCMSG.DLL    : v6.28.00.01    262184  19.10.2004  14:17:12
AVGNTDD.SYS    : v6.28.02.01      31984  19.10.2004  14:17:12
AVPACK32.DLL  : v6.28.0.2      294952  19.10.2004  14:17:12
AVGETVER.DLL  : v6.22.00.00      24576  17.03.2004  15:01:44
AVWIN.DLL      : v6.28.00.07    561192  19.10.2004  14:17:16
AVSHLEXT.DLL  : v6.22.00.00      57344  17.03.2004  15:02:00
AVSched32.EXE  : v6.28.00.00    110672  19.10.2004  14:17:16
AVSched32.DLL  : v6.28.00.02    122880  19.10.2004  14:17:16
AVREG.DLL      : v6.27.00.01      41000  19.10.2004  14:17:14
AVRep.DLL      : v6.28.00.22    729128  07.11.2004  10:20:16
INETUPD.EXE    : v6.28.00.07    200704  19.10.2004  14:17:16
INETUPD.DLL    : v6.28.00.07    143360  19.10.2004  14:17:16
CTL3D32.DLL    : v2.31.000        27136  16.09.2002  13:00:00
MFC42.DLL      : v6.02.4131.0    1028096  27.08.2004  01:53:36
MSVCRT.DLL    : v7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL    : v7.0.2600.2180    343040  27.08.2004  01:53:40
CTL3DV2.DLL    : No information

Configuration file:

Name of configuration file: C:\Programmer\AVPersonal\AVWIN.INI
Name of report file:        C:\Programmer\AVPersonal\LOGFILES\AVWIN.LOG
Start path:                C:\Programmer\AVPersonal
Command line:             
Start mode:                  unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
    Output file: AVWIN.ACT
    Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
    Extensions:  .386 .ACM .ADE .ADP .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PIF .PKG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\JYTTEK~1\LOKALE~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
C: Hard disk
D: Hard disk
E: Hard disk
F: CD-ROM
G: CD-ROM
I: Floppy drive
J: Floppy drive
K: Floppy drive
L: Floppy drive

Start of scan:  7. november 2004  16:13

Memory test                          OK
Master boot record of hard disk HD0  OK
Master boot record of hard disk HD1 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD2 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD3 
      The record could not be read!
      Error code: 0x0015
Master boot record of hard disk HD4 
      The record could not be read!
      Error code: 0x0015
Boot record of drive C:            OK
Boot record of drive D:            OK
Boot record of drive E:            OK
Boot record of drive I:           
      The record could not be read!
      Error code: 0x0057
Boot record of drive J:           
      The record could not be read!
      Error code: 0x0057
Boot record of drive K:           
      The record could not be read!
      Error code: 0x0057
Boot record of drive L:           
      The record could not be read!
      Error code: 0x0057


C:\
  hiberfil.sys
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  pagefile.sys
      Access denied! Error during file opening!
      This is a Windows swap file. This file is locked by Windows.
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\Jytte Kræmer\Lokale indstillinger\Temporary Internet Files\Content.IE5\W3BJQCPD
  ave32[1].zip
  ArchiveType: ZIP
      NOTE! No files to extract.
Error! Could not change directory: System Volume Information
C:\WINDOWS\$NtUninstallKB824141$
  user32.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  win32k.sys
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\$NtUninstallKB828035$
  msgsvc.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  wkssvc.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\$NtUninstallQ828026$
  msdxm.ocx
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  wmp.dll
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\SoftwareDistribution\EventCache
  {B420C11D-E7F4-4682-A604-5D44C842CAB9}.bin
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\WINDOWS\system32\config
  default
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SAM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SECURITY
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  software
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  system
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!


Error! Could not change directory: System Volume Information







End of scan:  7. november 2004  16:29
Time taken:        16:42 min


3819 directories were scanned
64551 files were scanned
  14 warning messages were issued
  0 files were deleted
  0 files were repaired
  0 detections
tonnybrandt Beginner
7 November 2004 - 20:24 #29
The log is perfectly fine. There is nothing to find. There are a number of files it cannot scan because they are locked, and that is perfectly OK, because they are Windows system files that are active in memory.