mimerbenz Beginner
04 July 2005 - 17:30 There are 17 comments and
1 solution

Please check this log file

I've got some dirt on my PC - is there anyone who will take a look at this log:

Logfile of HijackThis v1.99.1
Scan saved at 17:26:02, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Documents and Settings\Administrator\Desktop\popup killer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\iewf.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\IT problem og løsning\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {284909FB-3140-3EAB-13D7-77F0116C7F19} - C:\WINDOWS\system32\mfcuf.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F31C6232-82F5-341F-35C4-E0CF261C9AED} - C:\WINDOWS\mskt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Administrator\Desktop\popup killer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [msuv.exe] C:\WINDOWS\system32\msuv.exe
O4 - HKLM\..\RunOnce: [mfcqh.exe] C:\WINDOWS\system32\mfcqh.exe
O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\javazp.exe
O4 - HKLM\..\RunOnce: [sdkrt.exe] C:\WINDOWS\system32\sdkrt.exe
O4 - HKLM\..\RunOnce: [cruw32.exe] C:\WINDOWS\cruw32.exe
O4 - HKLM\..\RunOnce: [winyy32.exe] C:\WINDOWS\system32\winyy32.exe
O4 - HKLM\..\RunOnce: [appnj.exe] C:\WINDOWS\system32\appnj.exe
O4 - HKLM\..\RunOnce: [syscq.exe] C:\WINDOWS\system32\syscq.exe
O4 - HKLM\..\RunOnce: [netly32.exe] C:\WINDOWS\system32\netly32.exe
O4 - HKLM\..\RunOnce: [sdkkw.exe] C:\WINDOWS\system32\sdkkw.exe
O4 - HKLM\..\RunOnce: [iptw32.exe] C:\WINDOWS\system32\iptw32.exe
O4 - HKLM\..\RunOnce: [sysoo.exe] C:\WINDOWS\sysoo.exe
O4 - HKLM\..\RunOnce: [apifw32.exe] C:\WINDOWS\apifw32.exe
O4 - HKLM\..\RunOnce: [atljo.exe] C:\WINDOWS\system32\atljo.exe
O4 - HKLM\..\RunOnce: [iprf.exe] C:\WINDOWS\system32\iprf.exe
O4 - HKLM\..\RunOnce: [mfclq32.exe] C:\WINDOWS\mfclq32.exe
O4 - HKLM\..\RunOnce: [ipqu32.exe] C:\WINDOWS\ipqu32.exe
O4 - HKLM\..\RunOnce: [ntyp.exe] C:\WINDOWS\system32\ntyp.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\Software\..\Telephony: DomainName = lystrupit.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lystrupit.dk
O19 - User stylesheet:  (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
arlet Junior Master
04 July 2005 - 20:03 #1
Checking it now
arlet Junior Master
04 July 2005 - 20:06 #2
Download this scanner and save it to the desktop. (We will use it later)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Download Ewido here: http://www.ewido.net/en/download/ (we will use it later)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

Get AboutBuster:
http://www.malwarebytes.biz/AboutBuster.zip
(unpack AboutBuster into its own folder on the desktop).

-------------------------------

Get cwsserviceremove.reg here:
http://www.fbeej.dk/Programmer/cwsserviceremove.zip
(unpack cwsserviceremove.zip to the desktop)

During this fix you must not have Internet Explorer open, so the best option is to print the instructions out - second best is to copy them into Notepad so you can read them from there.

To be able to see all files:
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Restart in Safe Mode by pressing F8 during startup and choosing Safe Mode.

Go to Start -> Run and type Services.msc

See whether you can find one of these services:

Workstation NetLogon Service
Network Security Service
Remote Procedure Call (RPC) Helper
Remote Access Service

...in the list. If you find one of them - right-click it and choose Properties - click "Stop" and set Startup type to "Disabled" - click Apply and OK. Close the services window.

Run HijackThis, scan and tick the following lines - close all other program windows - click "Fix checked":

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {284909FB-3140-3EAB-13D7-77F0116C7F19} - C:\WINDOWS\system32\mfcuf.dll
O2 - BHO: Class - {F31C6232-82F5-341F-35C4-E0CF261C9AED} - C:\WINDOWS\mskt.dll

O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [msuv.exe] C:\WINDOWS\system32\msuv.exe
O4 - HKLM\..\RunOnce: [mfcqh.exe] C:\WINDOWS\system32\mfcqh.exe
O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\javazp.exe
O4 - HKLM\..\RunOnce: [sdkrt.exe] C:\WINDOWS\system32\sdkrt.exe
O4 - HKLM\..\RunOnce: [cruw32.exe] C:\WINDOWS\cruw32.exe
O4 - HKLM\..\RunOnce: [winyy32.exe] C:\WINDOWS\system32\winyy32.exe
O4 - HKLM\..\RunOnce: [appnj.exe] C:\WINDOWS\system32\appnj.exe
O4 - HKLM\..\RunOnce: [syscq.exe] C:\WINDOWS\system32\syscq.exe
O4 - HKLM\..\RunOnce: [netly32.exe] C:\WINDOWS\system32\netly32.exe
O4 - HKLM\..\RunOnce: [sdkkw.exe] C:\WINDOWS\system32\sdkkw.exe
O4 - HKLM\..\RunOnce: [iptw32.exe] C:\WINDOWS\system32\iptw32.exe
O4 - HKLM\..\RunOnce: [sysoo.exe] C:\WINDOWS\sysoo.exe
O4 - HKLM\..\RunOnce: [apifw32.exe] C:\WINDOWS\apifw32.exe
O4 - HKLM\..\RunOnce: [atljo.exe] C:\WINDOWS\system32\atljo.exe
O4 - HKLM\..\RunOnce: [iprf.exe] C:\WINDOWS\system32\iprf.exe
O4 - HKLM\..\RunOnce: [mfclq32.exe] C:\WINDOWS\mfclq32.exe
O4 - HKLM\..\RunOnce: [ipqu32.exe] C:\WINDOWS\ipqu32.exe
O4 - HKLM\..\RunOnce: [ntyp.exe] C:\WINDOWS\system32\ntyp.exe

O19 - User stylesheet:  (file missing)

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe

Find and delete

the files:
C:\WINDOWS\ieyg.exe
C:\WINDOWS\mskt.dll
C:\WINDOWS\system32\mfcuf.dll

Double-click cwsserviceremove.reg, which you downloaded at the beginning.

Run AboutBuster - twice.
- click OK
- click Start and OK to scan for Alternate Data Streams
- click Yes to allow Explorer.exe to be shut down
- click Yes to allow the second scan.

After that, go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

-----------------------------

Still in Safe Mode:
Click the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
And then press Scan Clean
The scan takes a little over an hour

-------------------------------

Still in Safe Mode:
Now run a full scan with Ewido. When it is finished, press save report and save the report.

Then restart the computer normally and make a new HijackThis log, which you post here together with the report from Ewido
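The post above ends by asking for a fresh HijackThis log. As an added example (not written by anyone in this thread), the Python below shows one way to check such a follow-up log against the lines that were ticked for "Fix checked" and to list entries that were not in the first log. The function names and status labels are this example's own, and the sample lines are short excerpts of the two logs posted in this thread.

```python
import re

# HijackThis item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - "; header and "Running processes" lines do not match.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MISSING = "(file missing)"


def parse_log(text):
    """Map 'code - body' -> True if HijackThis tagged the item '(file missing)'."""
    items = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2).strip()
        missing = body.endswith(MISSING)
        if missing:
            # Drop the tag so the same item compares equal across both logs.
            body = body[: -len(MISSING)].rstrip()
        items[f"{m.group(1)} - {body}"] = missing
    return items


def verify_fix(fixed, before, after):
    """Return (status per fixed line, entries that first appear in `after`).

    status values (labels chosen for this example):
      "gone"          - the item no longer appears in the follow-up log
      "orphaned"      - the registration is still there but its file is missing
      "still present" - the item survived the fix unchanged
    """
    before_items = parse_log(before)
    after_items = parse_log(after)
    status = {}
    for key, was_missing in parse_log(fixed).items():
        if key not in after_items:
            status[key] = "gone"
        elif after_items[key] and not was_missing:
            status[key] = "orphaned"
        else:
            status[key] = "still present"
    new = [key for key in after_items if key not in before_items]
    return status, new


# Excerpt of the first log in this thread (abridged to a few lines).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\iewf.exe
O2 - BHO: Class - {284909FB-3140-3EAB-13D7-77F0116C7F19} - C:\WINDOWS\system32\mfcuf.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe
"""

# Excerpt of the lines the helper listed for "Fix checked".
FIXED = r"""
O2 - BHO: Class - {284909FB-3140-3EAB-13D7-77F0116C7F19} - C:\WINDOWS\system32\mfcuf.dll
O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe
"""

# Excerpt of the follow-up log in this thread (abridged to a few lines).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\iewf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F9AE87A0-844A-04E0-82FC-ABA9A8BCBB07} - C:\WINDOWS\winsn32.dll
O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [appbg32.exe] C:\WINDOWS\system32\appbg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe (file missing)
"""

if __name__ == "__main__":
    status, new = verify_fix(FIXED, BEFORE, AFTER)
    for line, state in status.items():
        print(f"{state:13}  {line}")
    for line in new:
        print(f"{'new':13}  {line}")
```

A fixed line that comes back as "still present" while its file is also under "Running processes" points to a process that was active when the fix was applied; "new" lines are the ones to review first in the follow-up log.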
mimerbenz Beginner
06 July 2005 - 09:36 #3
My internet has been down, hence this late reply

Here are the 2 new logs:
Logfile of HijackThis v1.99.1
Scan saved at 09:26:53, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Documents and Settings\Administrator\Desktop\popup killer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\iewf.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Administrator\My Documents\IT problem og løsning\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wbjtf.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F9AE87A0-844A-04E0-82FC-ABA9A8BCBB07} - C:\WINDOWS\winsn32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Administrator\Desktop\popup killer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iewf.exe] C:\WINDOWS\iewf.exe
O4 - HKLM\..\RunOnce: [appbg32.exe] C:\WINDOWS\system32\appbg32.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\Software\..\Telephony: DomainName = lystrupit.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lystrupit.dk
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ieyg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            13:48:43, 7/5/2005
+ Report-Checksum:        2FD68906

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{46C8C875-7053-566F-B7DF-A8735884B10E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{830D569A-6507-2B7A-ABB2-4C0D6CA51F32} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F6ED913D-FAB1-F1A5-C359-4E2B2AC7B284} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F7DFCD4F-46CD-BDA8-264C-0A68205F4979} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0899151F-E69F-1686-3512-49E8D49B547E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -> Spyware.ASSbar : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{830D569A-6507-2B7A-ABB2-4C0D6CA51F32} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E98E84C-79E1-49C3-82EB-798FCD552EFB} -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-839522115-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6ED913D-FAB1-F1A5-C359-4E2B2AC7B284} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\NetworkService\Cookies\administrator@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
   
    C:\RECYCLER\NPROTECT\00003159.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003160.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003162.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003164.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003166.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003168.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003170.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003171.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003172.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003174.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003176.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003178.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003179.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003181.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003182.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003183.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003184.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003186.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003189.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003190.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003191.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003192.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003193.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003194.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\NPROTECT\00003196.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addgm32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addhy.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addjo32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addmq.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addpl.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apiao32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apifr32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apifw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apiju32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apiun.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apiwr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apiwu.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apixc.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apizr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appad32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appgr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apphn.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apphp32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appii32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appiq32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appqy.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlbw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlca32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlox32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlxh.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlxl32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\coolcust.ini:ztlii -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\croc32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\cruw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\crxj.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\d3gc32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\d3gf.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\d3ux32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\disney.ini:ethuwn -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\hpqEmlSz.INI:rzngbc -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\hpudrv.ini:jsbwjz -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\iecl.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ieiz.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ieqf32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipac32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipei32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipkt.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ippc32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipxa32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javacz32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javamj32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javane32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javanj.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javaty.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javazp.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\mfcbz32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\mfcgz.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\mfclq32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msbp32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msbu.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msgk.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msry32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msts32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netes32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netfv.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netkg.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netmn32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netmv.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netpo.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntdf.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntdw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntfi32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntkr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntlm32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntnt32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\phlziv.reg:fdbzyq -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\phlziv.reg:kvdtqc -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\sdkdn.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\sdkta32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\SIGVERIF.TXT:vzdvyv -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\syscn32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\sysnt.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\sysoo.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addek.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addhh32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addif.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addno32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addql.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\addtw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apihr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apiqi32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apisg32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apiwx.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apizw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\appnj.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apppz32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlai.exe -> Trojan.Agent.bi : Cleaned with backup


::Report End

I keep getting virus alerts from the Ewido program, even though the program has cleaned up.

I could not do this, which was your suggestion: See if you can find one of these services:

Workstation NetLogon Service
Network Security Service
Remote Procedure Call (RPC) Helper
Remote Access Service

...in the list. If you find one of them - right-click it and choose Properties - click "Stop" and choose Startup type "Disabled" - click Apply and OK. Close the Services window.
The "Stop" button could not be activated.
arlet (Junior Master)
6 July 2005 - 16:49 #4
Run through the whole guide again, but at the services step do this instead:

Click Start->Run, type Regedit and click OK.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Find the subfolder "Network Security Service", right-click it and delete it.
Close Regedit.

Finally, come back with a new HijackThis log.
mimerbenz (Beginner)
6 July 2005 - 17:59 #5
I don't have a folder called "Network Security Service".

I do, however, have a "Netlogon" with a subfolder called "security"????
arlet (Junior Master)
6 July 2005 - 21:08 #6
No, hold off on that..

Click Start->Run, type Regedit and click OK.

Then navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Network Security Service
Right-click it and delete it, if it exists.
If you are not allowed to delete it, click it once so that it is selected, choose Edit, choose Permissions and take full control of the key; then you can delete it.

Finally, I need to see a new HijackThis log.
mimerbenz (Beginner)
6 July 2005 - 23:13 #7
Sorry, but I don't have LEGACY_Network Security Service at the end.
I only have HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_netman
arlet (Junior Master)
7 July 2005 - 19:54 #8
Hmm.

Post a new HijackThis log..
mimerbenz (Beginner)
7 July 2005 - 21:30 #9
Here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 21:29:30, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\popup killer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Administrator\My Documents\IT problem og løsning\LOG TJEK og sikkerhed\hjt.exe

R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Administrator\Desktop\popup killer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\Software\..\Telephony: DomainName = lystrupit.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lystrupit.dk
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
arlet (Junior Master)
7 July 2005 - 22:14 #10
I understand why you can't find it, because it is gone from the log *S*

So we are almost at the finish line.

This one just needs to be fixed in HijackThis:
R3 - Default URLSearchHook is missing

Restart and post a new HijackThis log.
mimerbenz (Beginner)
7 July 2005 - 23:50 #11
Here is a new log after the prescribed removal of: "R3 - Default URLSearchHook is missing"

However, it puzzles me that my browser starts when the computer boots (which it has never done before) and goes to this address:

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


Logfile of HijackThis v1.99.1
Scan saved at 23:47:23, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\popup killer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Administrator\My Documents\IT problem og løsning\hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Administrator\Desktop\popup killer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\Software\..\Telephony: DomainName = lystrupit.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lystrupit.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lystrupit.dk
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
arlet (Junior Master)
8 July 2005 - 16:39 #12
Well, I can understand that.. I thought you had set it to start up yourself, but we'll fix that right away..

Fix in HijackThis:
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

Restart, and then it won't do that any more.
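
Added example (not part of the thread, and not HijackThis's own code): a short Python script that diffs two HijackThis logs and flags Run entries that start a browser at logon, which is the comparison made by eye across posts #9 to #12. The log text is a shortened excerpt of the logs posted above; the function names and the `BROWSERS` list are assumptions made for this example.

```python
import re

# Shortened excerpts of the logs posted at 21:29 and 23:47 on 7 July 2005.
LOG_2129 = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:29:30, on 7/7/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# In this excerpt the later log differs only by its timestamp and the fixed R3 line.
LOG_2347 = LOG_2129.replace("21:29:30", "23:47:23").replace(
    "R3 - Default URLSearchHook is missing\n", "")

# HijackThis entry lines look like "<section code> - <details>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autostarts: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Assumption for this example: executables treated as browsers.
BROWSERS = {"iexplore.exe"}


def parse_entries(log_text):
    """Return (section, details) tuples, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def executable_name(command):
    """Lower-cased file name of the first .exe in a Run command line."""
    m = re.search(r'"?([^"]*?\.exe)', command, re.IGNORECASE)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None


def browser_autostarts(log_text):
    """Return (hive, value name, command) for Run entries that start a browser."""
    hits = []
    for section, details in parse_entries(log_text):
        m = RUN_RE.match(details) if section == "O4" else None
        if m and executable_name(m.group(4)) in BROWSERS:
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(LOG_2129, LOG_2347)
    print("removed:", removed)
    print("added:", added)
    print("browser autostarts:", browser_autostarts(LOG_2347))
```

The diff confirms that only the R3 line disappeared between the two scans, while the `[iexplore.exe]` Run value is still present in the later log.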
mimerbenz (Beginner)
8 July 2005 - 18:02 #13
Thanks for the help - I had my eye on this one myself: O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe, which caused the browser to start.

Just a quick follow-up question: I saw in another post that you suggested a guy download a registry cleaning program, "regsupreme" - is it easy and relatively safe to use - apparently it suggests superfluous files to remove on its own?

Once again, thanks for the competent help!
arlet (Junior Master)
8 July 2005 - 18:05 #14
You're welcome..

Yes, you can safely use regsupreme
mimerbenz (Beginner)
8 July 2005 - 18:27 #15
OK, thanks - I'll remove what the program suggests. Hope it goes well.
arlet (Junior Master)
8 July 2005 - 19:29 #16
And if it doesn't work, go back in there and tick the box next to the one that should start up..
arlet (Junior Master)
8 July 2005 - 19:31 #17
Sorry, that comment at 19:29:53 was not meant for this thread..

Of course it will go well *S*
mimerbenz (Beginner)
8 July 2005 - 22:11 #18
It went well - the machine keeps running, so soon we'll be flying *S*

Thanks, and have a good summer!

Best regards, Michael