Notifikationer

Markér alle som læst Log ud

flashdevil Nybegynder

23. april 2005 - 18:24 Der er 8 kommentarer og
2 løsninger

Spyware ballade

Hejsa er der en venlig sjæl som vil kigge min hijack log igennm.

Min IE er helt til rotterne med seachbar og start side og jeg får reklame popups i tide og ud tide.

Har kørt spybot.

Her er den så (sorry den er lidt lang)

Logfile of HijackThis v1.99.1
Scan saved at 18:21:19, on 23-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache\Apache\Apache.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\ccxgui\ccXservice.exe
C:\apache\Apache\Apache.exe
C:\Programmer\ccxgui\ccxstream.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\intmonp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\henrik\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmaid.com/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchmaid.com/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmaid.com/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchmaid.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\henrik\Application Data\Mozilla\Profiles\default\382kiz9r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\docntrop.dll (file missing)
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - C:\WINDOWS\System32\wldr.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/tuma/web/axe/x.chm::/update.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA64CB47-9C7A-4061-88CA-1042131F0FD4}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D3490E-9DED-43F4-BF80-11003B09C8C0}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D05DDF15-FDFD-45CA-BB7D-3DE4F8AB82C6}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\apache\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ccXgui - [XC]D-Ice - C:\Programmer\ccxgui\ccXservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Synes godt om

arlet Juniormester

23. april 2005 - 18:35 #1

tjekker den nu

Synes godt om

flashdevil Nybegynder

23. april 2005 - 18:38 #2

tusind tak

Synes godt om

arlet Juniormester

23. april 2005 - 18:57 #3

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmaid.com/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchmaid.com/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmaid.com/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchmaid.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchmaid.com/

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe

O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\docntrop.dll (file missing)
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/tuma/web/axe/x.chm::/update.exe

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet manuelt i fejlsikret(f8 ved opstart):

C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\msmsgs.exe

----------------------------------------------------------

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Det tager lidt over en time at scanne

----------------------------------------------------------

Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.

Synes godt om

flashdevil Nybegynder

23. april 2005 - 19:00 #4

okay det prøver jeg..igen tak for hjælpen :-)

Synes godt om

flashdevil Nybegynder

23. april 2005 - 20:10 #5

Hejsa nu har jeg fulgt din anvisning:

Her er hvad mwav.exe fandt:

File C:\WINDOWS\System32\dosxpd.exe tagged as not-a-virus:AdWare.Msnagent.a. No Action Taken.
File C:\WINDOWS\System32\diantzpt.exe infected by "Trojan.Win32.DNSChanger.i" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\audissrp.exe infected by "Trojan-Clicker.Win32.Agent.cn" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\autodmfp.exe infected by "Trojan-Dropper.Win32.Agent.gp" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
File C:\WINDOWS\System32\chkntfsfat.exe infected by "Trojan.Win32.StartPage.vt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\dosxpd.exe tagged as not-a-virus:AdWare.Msnagent.a. No Action Taken.
File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\Programmer\Virtual Maid\Virtual Maid.dll tagged as not-a-virus:AdWare.ToolBar.MaidBar.a. No Action Taken.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019708.dll tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019761.exe infected by "Trojan.Win32.DNSChanger.i" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019762.exe infected by "Trojan-Clicker.Win32.Agent.cn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019763.exe infected by "Trojan-Dropper.Win32.Agent.gp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019764.exe infected by "Trojan.Win32.StartPage.vt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{CF7C4B47-F736-4A25-9A72-D1702C607CEF}\RP172\A0019765.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: File Deleted.
File D:\All_MyFlashFiles\flashtools\ftoolfcltv5\ssaver.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Og her er den NYE Highjackthis log fil:

Logfile of HijackThis v1.99.1
Scan saved at 20:03:33, on 23-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache\Apache\Apache.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\ccxgui\ccXservice.exe
C:\apache\Apache\Apache.exe
C:\Programmer\ccxgui\ccxstream.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\henrik\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\henrik\Application Data\Mozilla\Profiles\default\382kiz9r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Security iGuard] C:\Programmer\Security iGuard\Security iGuard.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA64CB47-9C7A-4061-88CA-1042131F0FD4}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D3490E-9DED-43F4-BF80-11003B09C8C0}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D05DDF15-FDFD-45CA-BB7D-3DE4F8AB82C6}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\apache\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ccXgui - [XC]D-Ice - C:\Programmer\ccxgui\ccXservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Det er ud til at seach baren og start siden er væk fra IE.

Jeg har dog stadig 3 genveje på mit skrivebord som er:

Online dating
Online Pharmacy
Spyware Removal

og så er der et program som hedder "Security IGuard" som starter op hver gang jeg starter windows, men det er måske noget der skal være der ?

mvh

/Henrik

Synes godt om

arlet Juniormester

23. april 2005 - 20:36 #6

Ja, denne havde jeg overset i den første log, så du må på den igen.

Fix i hijackthis:
O4 - HKLM\..\Run: [Security iGuard] C:\Programmer\Security iGuard\Security iGuard.exe

find og slet manuelt:
C:\Programmer\Security iGuard<-hele mappen

Slet de 3 genveje på skrivebordet og tøm papirkurven

Genstart og ny hijackthis log

Synes godt om

flashdevil Nybegynder

25. april 2005 - 01:25 #7

okay så er det gjort og her er den nye log:

Logfile of HijackThis v1.99.1
Scan saved at 01:23:33, on 25-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache\Apache\Apache.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\ccxgui\ccXservice.exe
C:\apache\Apache\Apache.exe
C:\Programmer\ccxgui\ccxstream.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\henrik\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\henrik\Application Data\Mozilla\Profiles\default\382kiz9r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E5A4D263-689F-4A56-859C-A7C90A303868} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA64CB47-9C7A-4061-88CA-1042131F0FD4}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D3490E-9DED-43F4-BF80-11003B09C8C0}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D05DDF15-FDFD-45CA-BB7D-3DE4F8AB82C6}: NameServer = 69.50.184.85,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A87064-8890-4CA9-8D02-2DC80C2ECC02}: NameServer = 69.50.184.85,195.225.176.37
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\apache\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ccXgui - [XC]D-Ice - C:\Programmer\ccxgui\ccXservice.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Synes godt om

arlet Juniormester

25. april 2005 - 16:49 #8

Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Synes godt om

flashdevil Nybegynder

26. april 2005 - 17:32 #9

Hejsa

Så her jeg fixet det med system gendannelsen. Og så har jeg installeret et par af de programmer som du anbefaler på din side, så nu må jeg blot håbe at jeg kan forblive spywarefri :-)

Igen tusind tak for hjælpen....det er bare fantastisk at der nogen som dig der har evnerne og lysten til at tage kampen op med spyware helvedet. Tak for det.

ps. Tjek lige kagekassen om et par dag ik :-)

Synes godt om

arlet Juniormester

26. april 2005 - 17:41 #10

Hvis du har installeret programmerne fra pakken, så kan du ikke få spyware ind på computeren*S*

Velbekommen og fortsat god dag

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

01/05

Test: Kan danske Jabra egentlig hamle op med tech-giganterne med sin nye topmodel? Svaret er ja

01/05

Efter mange års tilbagegang i Danmark - nu vokser CGI's omsætning igen

01/05

Nørgaard: En marxistisk analyse af milliardærskat i dagens anledning - fik Marx egentlig ikke ret?

01/05

Rykker tættere på fælles it-drift: 19 kommuner siger ja til hinanden - Aarhus får central rolle

01/05

Den danske datacenter-branche efter kritik: Der skal bygges meget mere. Det haster

01/05

Emagine buldrer frem: Sætter ny omsætningsrekord og har vild vækst på jobfronten

01/05

En særlig ting får vores samfund til at fungere

01/05

It-selskab fra Fyn rejser 261 millioner kroner og gør klar til at købe op i Danmark

01/05

Netcompany bliver eneejer af kæmpe lufthavns-satsning: Københavns Lufthavn forlader ejerkredsen

01/05

Danske Bank satser stort på AI og forventer produktivitets-gevinster i milliardklassen: Her er planerne

01/05

Prosas 1. maj-tale: Den næste store arbejderkamp handler om AI

Vis flere artikler

IT-JOB

Forsvarsministeriets Materiel- og Indkøbsstyrelse

Netværksteknikere til design, drift og vedligehold ved Cyberdivisionen

Vivant ApS

Team Lead – Support & Operations

Netcompany A/S

Network Engineer

Forsvarsministeriets Materiel- og Indkøbsstyrelse

Ingeniør til Satellitkommunikation

Banedanmark

IKT leder til digitale jernbaneprojekter

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I dag 00:59	Mobilepay app virker ikke mere på Xiaomi Redmi Note 13 Pro Af henrixx i Apps til Android
I går 19:09	Download Win 11 - 25H2 Af ErikHg i Windows
30/0410:42	Access Import af csv fil - forkerte datatyper Af Henrik Berg Hansen i Andet software
29/0419:37	Hente CSV fil, indsætte CSV data i TABEL for JAVASCRIPT Af snestrup2000 i Programmeringsværktøjer
29/0412:23	Facebook Af hkv i Sociale medier

White papers

Find den SOC-model, der virker i praksis
SecureDevice
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Samarbejde mellem AI og mennesker styrker sikkerheden
Konica Minolta

Flere white papers »