Hijackthis-log

Har du selv installeret radmin??

Hent denne scanner:
Ewido kan du downloade her: http://www.ewido.net/en/download/
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet, (men lad være med at scanne endnu).
Genstart i fejlsikret tilstand. Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange. Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og kopier den report herind sammen med en hijackthis log taget efter du har kørt Ewido

Jeps - jeg har selv installeret radmin (Remote Administrator) :-)

Her er loggen fra Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            20:20:11, 12-07-2005
+ Report-Checksum:        42BD8E78

+ Scan result:

    :mozilla.6:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\KSLH\Cookies\kslh@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

Og den nye log fra HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:05:14, on 12-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\util\ewido\security suite\ewidoctrl.exe
C:\Programmer\util\ewido\security suite\ewidoguard.exe
C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Util\Logitech\iTouch\iTouch.exe
C:\Programmer\Util\Logitech\Mouseware\MouseWare\system\em_exec.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\PROGRA~1\Media\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\ATI Multimedia\main\ATIDtct.EXE
C:\Programmer\ATI Multimedia\main\ATISched.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Fælles filer\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KSLH\Skrivebord\hijackthis\hijackthis.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CInternet%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KSLH\Application Data\Mozilla\Profiles\default\drtg8200.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Internet\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmer\Internet\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Util\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\Media\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Media\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Internet\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NetStat Live] C:\Programmer\Internet\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmer\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Programmer\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: sipgate X-Lite.lnk = C:\Programmer\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: Download alle med Net Transport - C:\Programmer\Internet\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:\Programmer\Internet\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programmer\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://esbsemsrv02.udd.sembsc.dk/qp2.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.diaform.dk/menu/config/version5/Codebase/FormCtl.CAB
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.diaform.dk/menu/config/version5/codebase/ffmail.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://esbsemsrv01.udd.sembsc.dk/iNotes.cab
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/version5/codebase/Dafolo.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} (sigSrvClnt Class) - https://service.esbjergkommune.dk/signServerClient.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.diaform.dk/menu/config/version5/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.diaform.dk/menu/config/version5/codebase/fontinstaller.cab
O16 - DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} (Adobe ListBox Control) - http://www.diaform.dk/menu/config/version5/codebase/listbox.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\util\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\util\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programmer\Media\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Internet\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Hent denne scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Genstart i fejlsikret(tryk <F8> ved opstart), dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.
Klik så på den grønne fodgænger ovre til højre på siden, så starter scanningen.
Klik så på Start->Søg, find filen >>drweb32w.log<< kopier det nederste af teksten herind, startende med:
>>Total session statistics<<

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 26712
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Scan speed: 1392 Kb/s
Scan time: 00:40:25
=============================================================================

Du har en helt ren computer*S*

Vil du ikke se en hijackthis-log?
Hvad gør de to programmer jeg har installeret?

smider du også et svar? :-)

Vil ikke se en ny hijackthis, da den forrige var ren..

De 2 andre programmer er bare scanningsprogrammer, for at se om du skulle have andet snavs på computeren, det havde du ikke.

Okay :-)
Jeg har lige kørt en Mwav-scan på min computer igen. Og den kommer stadig op med at der er noget spyware/adware:
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Derudover skriver den en masse linier som denne:
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programmer\Ahead\Nero StartSmart\NeroStartSmart.exe". Action Taken: No Action Taken.

... altså en masse linier som "refers to invalid object" til en række programmer. Har det noget betydning?

Nej, det har ingen betydning..

Hvis din nero kører som den skal lader du det bare være..

men hvad med:
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Prøv at gå i søg og søg på:
AltNet
iSearch

Slet alt hvad den finder..

fandt den noget??

Nej der bliver ikke fundet noget på computeren ift. "AltNet" og "iSearch"...
Men nogle af de linier der kommer frem som:
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programmer\Ahead\Nero StartSmart\NeroStartSmart.exe". Action Taken: No Action Taken.
referer til nogle programmer som jeg har afinstalleret for noget tid siden. Men det er ikke noget jeg behøver at tage mig af?

Det er rester der ligger i registreringsdatabasen..

Du kan evt rydde op med regcleaner: http://www.arlet.dk/regcleaner.htm

okay - tak for hjælpen :-)