Så er jeg endelig færdig.
Her er loggen fra HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:58:31, on 29-05-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Messenger\MSMSGS.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmer\Ewido\ewidoctrl.exe
C:\Programmer\Ewido\ewidoguard.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.darkskies.dk/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093634358460O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\Ewido\ewidoguard.exe
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Her er loggen fra Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 22:56:09, 29-05-2005
+ Report-Checksum: EE0DDD6D
+ Date of database: 29-05-2005
+ Version of scan engine: v3.0
+ Duration: 32 min
+ Scanned Files: 64174
+ Speed: 33.01 Files/Second
+ Infected files: 48
+ Removed files: 48
+ Files put in quarantine: 48
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
+ Scan result:
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@a.websponsors[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@ads.vnuemedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@ads20.bpath[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@ats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@banner3.inet-traffic[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@cgi[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@cz5.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@cz7.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@cz9.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@esquire[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@gostats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@realguide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@vip.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@www.ebates[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Cookies\martin jørgensen@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp2.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp3.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp30.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp4.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp5.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp6.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\drp63.tmp\thnall1s.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.fr17EF\common.dll -> Spyware.Toolbar3 -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.fr17EF\gykhxlmu.rmr -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.fr17EF\TBPS.exe -> Spyware.Toolbar3 -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.fr17EF\toolbar.dll -> Spyware.Toolbar3 -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.fr17EF\xlmurin.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frA284\common.dll -> Spyware.IBIS -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frA284\PIB.exe -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frA284\TBPS.exe -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE7FF\common.dll -> Spyware.IBIS -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE7FF\PIB.exe -> Spyware.IBIS -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE7FF\TBPS.exe -> Spyware.IBIS -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE83F\gykhxlmu.rmr -> Spyware.IBISToolbar -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE83F\toolbar.dll -> Spyware.WebSearch.e -> Cleaned with backup
C:\Documents and Settings\Martin Jørgensen\Lokale indstillinger\Temp\temp.frE83F\xlmurin.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\WINDOWS\speer.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\speeryox.dll -> Spyware.BiSpy.u -> Cleaned with backup
::Report End
Jeg logger af eksperten nu og vender først tilbage i morgen aften tidligst kl. 18:30.
Jeg håber ikke at du finder flere fejl ved min computer :)
Godnat og sov godt :)
