spaak (Beginner)
29 May 2005 - 19:39. There are 13 comments and 3 solutions.

azesearch.ocx

Hi out there.
I have the following virus, which is located in system 32: Azesearch.ocx. Does anyone know how I remove it? Spybot does not catch it, and neither does my antivirus program, NOD 32. Many regards
tonnybrandt (Beginner)
29 May 2005 - 19:47 #1
Follow the instructions here:
Go here and download Hijackthis.
http://danborg.org/spy/HJT/hijackthis.exe
Run Hijackthis, scan, save log and copy the log file in here, then I will look at it. Do not delete anything yourself with Hijackthis; it can do more harm than good.
spaak (Beginner)
29 May 2005 - 23:27 #2
Hi Tonny. Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 23:25:30, on 05/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programmer\Iomega\DriveIcons\ImgIcon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Quicktime\iTunesHelper.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Office Mouse\moffice.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Office Mouse\MOUSE32A.DAT
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\HotKey\HotKey.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Åse Krabbe\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\apdos.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] C:\Programmer\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmer\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programmer\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\Quicktime\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [xwlsf] C:\WINDOWS\xwlsf.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Programmer\Silicon Software\MemTurbo\memturbo.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotKey Driver.lnk = C:\Programmer\HotKey\HotKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0805f8f75f40dccf0b16/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://80.164.11.164/v2/XUpload.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - Winlogon Notify: apdos - C:\WINDOWS\apdos.dll (file missing)
O23 - Service: 2CN0J2ADrYs1ZdL2z20lr8g0+jLWx3v7Ve+0IQ8L00 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 3E2GY1G+LHV10R4H60Gl+kK0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 5WWbi3z5kMw0xaIch2xHXfk0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 7Y7IK29tpHH2+Pzkl1 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 8C7Zt1DK+qa2JiCmB3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 9uIqL26mYQ434Ouvh0mlLCt2gq9en0dcmZF1GZzqy3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: a1Biq2e3NTn0qfHuQ0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: aZwHd3AFkOj136gbG0Vx1Ms3CtscN2TU7fY0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: cyHeU11blsv3BTsbd0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: dgah13TX20c1n9s8j3IhuWG2iB4Ns1rhYcN0cU3fY2 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: Exnso3Vpzbm1bn1rF09aOmy2qVAac1iuQrX2APWFr0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: gUh1j3sf1YG2xdZNs1JE3Cz2R6ZX02jHMNc03Ldc70 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: H27a31QuGzp2orhlM3b9p0T2VlXsr1pEnje3GHqgH2 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: J4QvU0lFapv2Tdeno0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: jYKbY3Bx9rr1qymQa27eeiU2fJlYi1 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: K2WoF2mMf7m1x71SM0Dzsat3Zmjf23 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: KJf6c2+WvSu1353nK05aRjT1RHS1A1YAYYR0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: L7MHJ1bbAO91KGPmn2GX9jy1wxCKg3P3ocx0dnhf+3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ppNLt2mAICe0m7JXH1kkiNZ39PWPv0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: QEO292a6Htn1Yk6J31 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: qwZBg10QA3Y24wzKV2kbplv0DSQYd3ixjqq1dbZQn3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: RFLxp2NOAw32BZc5C2OH5SQ3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: Rg0yg3qIR4H28WZZS3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: SkIXG2ojcBG2w7efw0IQhZO0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: vG72U3VVm8r0Ws1rz3JKEi03yXo+C30whHQ2 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: ViJ9n3DAprf1t+ii41Rbg1d3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: VP+JB0R9Gkz2ncCYp0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: vQtpU2Uw3RJ2KFO6l1N+W0Z28RI1V2Qlt+i1+XMds3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: wa42f2Ilm8k04jKWl2BIVew1MXtgh3n4Lgk1bmWLG0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: wia2a2wwv1q0bKghE1stl9M1uzk3k2 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: WLxJL1LAfOt2bcvQz1 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: xKV5634fzYd1sFT3u2oHe9h06ecB40TbmqO1 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: ysuVc0ve07U0vkOgi3dGVZs1VSqqn36WyFb0Lv1Nq2 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: ZO0rZ0HZa6i2A4wSw1pbMah30lAfk1mIPLG0 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmer\Iomega\AutoDisk\ADService.exe

Regards, spakk
tonnybrandt (Beginner)
29 May 2005 - 23:43 #3
Wow, I'll just take a look at it *s*
tonnybrandt (Beginner)
29 May 2005 - 23:52 #4
Before I come with instructions, please confirm that you do NOT have Kaspersky antivirus installed. Which antivirus do you have installed?

(Rarely have I seen such a messy log)
spaak (Beginner)
29 May 2005 - 23:56 #5
I do not have Kaspersky installed; I have previously used that antivirus program. Now I use NOD 32, and I have installed AVG - a trial version; I have tried to delete it, but that cannot be done. You say a messy log; I don't understand these things, but it would be nice to get it put in order.
tonnybrandt (Beginner)
30 May 2005 - 00:00 #6
OK, you will get a procedure that cleans it up. I just needed to be sure what was supposed to "remain" *s*
spaak (Beginner)
30 May 2005 - 00:06 #7
That sounds really good. I have to leave the computer now. I'll be back tomorrow after 16:00.
tonnybrandt (Beginner)
30 May 2005 - 00:17 #8
All good. Here is the procedure:

Download this Kaspersky scanner; you will need it later.
http://www.spywareinfo.dk/download/mwav.exe - Virus scanner.

Then you must restart the PC in safe mode. Press F8 during startup. Log in with the same username that you use in normal mode.

Run Hijackthis, scan, tick the lines listed here, close all windows except Hijackthis, click fix checked, delete the folders and files listed at the bottom.
Double-check so that everything is included.

O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\apdos.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [xwlsf] C:\WINDOWS\xwlsf.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0805f8f75f40dccf0b16/netzip/RdxIE601.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://80.164.11.164/v2/XUpload.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: apdos - C:\WINDOWS\apdos.dll (file missing)

---------------------------------------
Deleting files and folders:
Open a folder, click Tools => Folder Options => View.
Remove the tick at "Hide protected operating system files".
Remove the tick at "Hide extensions for known file types".
Select "Show hidden files and folders".
-------------------
Folders:
C:\Programmer\Kaspersky Lab
C:\Programmer\Grisoft
c:\programmer\180solutions

Files:
C:\WINDOWS\apdos.dll
C:\WINDOWS\xwlsf.exe
C:\WINDOWS\System32\Azesearch.ocx

---------------------------------------
Then you run the one-time scanner from Kaspersky - enable everything in its settings, so that it can scan through everything.
---------------------------------------

Click Start | Run, type regedit and press Enter.
Find this key in the registry and expand it so you can see the underlying objects.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Expand it so you can see the underlying keys.
Right-click these keys one by one and choose delete:

Avg7Alrt
Avg7UpdSvc
2CN0J2ADrYs1ZdL2z20lr8g0+jLWx3v7Ve+0IQ8L00
3E2GY1G+LHV10R4H60Gl+kK0
5WWbi3z5kMw0xaIch2xHXfk0
7Y7IK29tpHH2+Pzkl1
8C7Zt1DK+qa2JiCmB3
9uIqL26mYQ434Ouvh0mlLCt2gq9en0dcmZF1GZzqy3
a1Biq2e3NTn0qfHuQ0
aZwHd3AFkOj136gbG0Vx1Ms3CtscN2TU7fY0
cyHeU11blsv3BTsbd0
dgah13TX20c1n9s8j3IhuWG2iB4Ns1rhYcN0cU3fY2
Exnso3Vpzbm1bn1rF09aOmy2qVAac1iuQrX2APWFr0
gUh1j3sf1YG2xdZNs1JE3Cz2R6ZX02jHMNc03Ldc70
H27a31QuGzp2orhlM3b9p0T2VlXsr1pEnje3GHqgH2
J4QvU0lFapv2Tdeno0
jYKbY3Bx9rr1qymQa27eeiU2fJlYi1
K2WoF2mMf7m1x71SM0Dzsat3Zmjf23
KJf6c2+WvSu1353nK05aRjT1RHS1A1YAYYR0
L7MHJ1bbAO91KGPmn2GX9jy1wxCKg3P3ocx0dnhf+3
ppNLt2mAICe0m7JXH1kkiNZ39PWPv0
QEO292a6Htn1Yk6J31
qwZBg10QA3Y24wzKV2kbplv0DSQYd3ixjqq1dbZQn3
RFLxp2NOAw32BZc5C2OH5SQ3
Rg0yg3qIR4H28WZZS3
SkIXG2ojcBG2w7efw0IQhZO0
vG72U3VVm8r0Ws1rz3JKEi03yXo+C30whHQ2
ViJ9n3DAprf1t+ii41Rbg1d3
VP+JB0R9Gkz2ncCYp0
vQtpU2Uw3RJ2KFO6l1N+W0Z28RI1V2Qlt+i1+XMds3
wa42f2Ilm8k04jKWl2BIVew1MXtgh3n4Lgk1bmWLG0
wia2a2wwv1q0bKghE1stl9M1uzk3k2
WLxJL1LAfOt2bcvQz1
xKV5634fzYd1sFT3u2oHe9h06ecB40TbmqO1
ysuVc0ve07U0vkOgi3dGVZs1VSqqn36WyFb0Lv1Nq2
ZO0rZ0HZa6i2A4wSw1pbMah30lAfk1mIPLG0


Restart normally and come back with a new log for checking.
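
Added example, not part of the thread or of HijackThis itself: Python that performs the kind of triage behind the fix list above, grouping O1 hosts-file redirects by target IP and collecting entries whose file HijackThis reported as missing. It runs over an excerpt copied from the log posted in #2; the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt copied from the first HijackThis log in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.172 search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\apdos.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O20 - Winlogon Notify: apdos - C:\WINDOWS\apdos.dll (file missing)
O23 - Service: 7Y7IK29tpHH2+Pzkl1 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: 8C7Zt1DK+qa2JiCmB3 - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return (code, body) pairs for every 'R0 - ...' / 'O23 - ...' style line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """Group O1 (hosts file) entries by target IP, skipping loopback entries."""
    by_ip = defaultdict(list)
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body[len("Hosts:"):].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: leave for manual review
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 lines are usually block lists
        by_ip[str(ip)].extend(parts[1:])
    return dict(by_ip)


def dangling_entries(entries):
    """Entries whose target file HijackThis reported as missing."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


def orphaned_services(entries):
    """Map each missing service binary to the O23 service names pointing at it."""
    by_binary = defaultdict(list)
    for code, body in entries:
        if code != "O23" or not body.startswith("Service:"):
            continue
        if not MISSING_RE.search(body):
            continue
        # Layout: "Service: <name> - <owner> - <path> (file missing)"
        fields = body[len("Service:"):].strip().rsplit(" - ", 2)
        if len(fields) == 3:
            name, _owner, path = fields
            by_binary[MISSING_RE.sub("", path).strip()].append(name)
    return dict(by_binary)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ip, names in hosts_redirects(parsed).items():
        print("hosts redirect:", ip, "<-", ", ".join(names))
    for code, body in dangling_entries(parsed):
        print("dangling:", code, body)
    for binary, names in orphaned_services(parsed).items():
        print("orphaned services for", binary, ":", len(names))
```

Many services registered against one missing binary, as with the Avp32.exe entries in this log, show up as a single key with a long name list.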
spaak (Beginner)
30 May 2005 - 18:59 #9
So far so good. I have done as you told me. A couple of problems along the way - 1. C:\Kaspersky\lab I cannot find on my PC. Grisoft I cannot get access to delete. 180solutions is not on my PC either. Apdos.dll and xwlsf.exe were not in windows.
Here is a new log for you.

Logfile of HijackThis v1.99.1
Scan saved at 18:51:28, on 05/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programmer\Iomega\DriveIcons\ImgIcon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Quicktime\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Office Mouse\moffice.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Office Mouse\MOUSE32A.DAT
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HotKey\HotKey.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Åse Krabbe\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] C:\Programmer\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmer\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programmer\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\Quicktime\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Programmer\Silicon Software\MemTurbo\memturbo.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotKey Driver.lnk = C:\Programmer\HotKey\HotKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmer\Iomega\AutoDisk\ADService.exe

Does it look better now?
tonnybrandt (Beginner)
30 May 2005 - 20:50 #10
You have really done that well!!

The log is clean on the "first go". I would have sworn that could not be done with everything that was in it.

After a trip like that it is always a good idea to clean up the System Restore files. Disable System Restore - restart your computer - enable System Restore.
(click Start | Settings | Control Panel | System, the System Restore tab)

And then you should also hide your files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

You can optionally install some of the programs in the spywarefri package..they are all small, do not conflict and are very effective against dirt of the kind you have just been attacked by.

In particular we recommend Spybot, spywareblaster, IE-Spyad and spywareguard.
See more in the "package" here
http://www.spywarefri.dk/pakken.htm
spaak (Beginner)
30 May 2005 - 21:55 #11
Well, that is just incredible. I have just scanned my PC; the virus is gone. I am very grateful for the help.
spaak (Beginner)
30 May 2005 - 21:59 #12
Forgot to ask about this - should I keep the scanner from Kaspersky - or should I delete it?
tonnybrandt (Beginner)
30 May 2005 - 22:33 #13
You should just delete it. If you need it again, you download a new one. Then you are sure to have the newest virus definitions when you need it.

And you're welcome. Nice to be able to be of use *s*
tonnybrandt (Beginner)
1 June 2005 - 19:57 #14
You close the question by selecting my name at the bottom left and pressing the accept button.
(in case you didn't know)
spaak (Beginner)
22 June 2005 - 17:45 #15
Sorry, I didn't know that.
tonnybrandt (Beginner)
23 June 2005 - 13:28 #16
All good.

Thanks for the points :)