crj100 Trainee
03 September 2005 - 22:34 There are 19 comments and 1 solution

W32/smitfraud.E

Hi
An acquaintance has got this virus and cannot remove it with Panda's online scanner.
Can anyone help based on the following:

Logfile of HijackThis v1.99.1
Scan saved at 22:02:55, on 03-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\msxw32.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Lexmark X74-X75\lxbbbmon.exe
C:\lotus\wordpro\ltsstart.exe
C:\lotus\register\remind32.exe
C:\lotus\smartctr\suitest.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Outlook Express\MSIMN.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\DOCUME~1\Claus\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe
C:\Programmer\Microsoft AntiSpyware\gcasServAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {270B770B-A81B-7F32-31CA-A8A4B3E5B7AD} - C:\WINDOWS\system32\sdkiw.dll
O2 - BHO: Class - {489CB8A5-F200-EAC7-EB4D-CADBFD62480E} - C:\WINDOWS\mfcbs32.dll
O2 - BHO: Class - {4CD05B77-C677-4D01-5562-25BA68012376} - C:\WINDOWS\apict.dll
O2 - BHO: Class - {83EF55DB-6787-8204-BD91-03202E65FD32} - C:\WINDOWS\addon32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Class - {AC50F23D-F99D-EE5A-71F2-ABCB913DE13A} - C:\WINDOWS\sdkkf32.dll
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3tp32.dll
O2 - BHO: Class - {CDE45960-40E0-55A2-18F1-392935B88569} - C:\WINDOWS\ipis.dll
O2 - BHO: Class - {E738FA69-B912-B059-1394-230F1BB7CC13} - C:\WINDOWS\apieu32.dll
O2 - BHO: Class - {FD25AD19-D6F8-C138-8DFA-A51830DD9D78} - C:\WINDOWS\crde32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [diagent] C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msxw32.exe] C:\WINDOWS\system32\msxw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [atlen.exe] C:\WINDOWS\atlen.exe
O4 - HKLM\..\RunOnce: [d3rc.exe] C:\WINDOWS\d3rc.exe
O4 - HKLM\..\RunOnce: [winfo.exe] C:\WINDOWS\winfo.exe
O4 - HKLM\..\RunOnce: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\RunOnce: [appfx.exe] C:\WINDOWS\system32\appfx.exe
O4 - HKLM\..\RunOnce: [sysiw32.exe] C:\WINDOWS\system32\sysiw32.exe
O4 - HKLM\..\RunOnce: [addgy.exe] C:\WINDOWS\system32\addgy.exe
O4 - HKLM\..\RunOnce: [javabd32.exe] C:\WINDOWS\system32\javabd32.exe
O4 - HKLM\..\RunOnce: [sdkqs32.exe] C:\WINDOWS\sdkqs32.exe
O4 - HKLM\..\RunOnce: [mfcvx32.exe] C:\WINDOWS\mfcvx32.exe
O4 - HKLM\..\RunOnce: [javayi32.exe] C:\WINDOWS\javayi32.exe
O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\system32\mscn.exe
O4 - HKLM\..\RunOnce: [d3dn32.exe] C:\WINDOWS\d3dn32.exe
O4 - HKLM\..\RunOnce: [crsk32.exe] C:\WINDOWS\system32\crsk32.exe
O4 - HKLM\..\RunOnce: [atlpv.exe] C:\WINDOWS\system32\atlpv.exe
O4 - HKLM\..\RunOnce: [iptz.exe] C:\WINDOWS\iptz.exe
O4 - HKLM\..\RunOnce: [javada32.exe] C:\WINDOWS\javada32.exe
O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe
O4 - HKLM\..\RunOnce: [appyd32.exe] C:\WINDOWS\appyd32.exe
O4 - HKLM\..\RunOnce: [syshm.exe] C:\WINDOWS\syshm.exe
O4 - HKLM\..\RunOnce: [winva32.exe] C:\WINDOWS\winva32.exe
O4 - HKLM\..\RunOnce: [winbx32.exe] C:\WINDOWS\system32\winbx32.exe
O4 - HKLM\..\RunOnce: [javagb32.exe] C:\WINDOWS\javagb32.exe
O4 - HKLM\..\RunOnce: [mscm.exe] C:\WINDOWS\mscm.exe
O4 - HKLM\..\RunOnce: [sdkgy.exe] C:\WINDOWS\system32\sdkgy.exe
O4 - HKLM\..\RunOnce: [sysvn32.exe] C:\WINDOWS\sysvn32.exe
O4 - HKLM\..\RunOnce: [msrx.exe] C:\WINDOWS\system32\msrx.exe
O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
O4 - HKLM\..\RunOnce: [javavb32.exe] C:\WINDOWS\javavb32.exe
O4 - HKLM\..\RunOnce: [mfcax32.exe] C:\WINDOWS\mfcax32.exe
O4 - HKLM\..\RunOnce: [javavj.exe] C:\WINDOWS\javavj.exe
O4 - HKLM\..\RunOnce: [addrt32.exe] C:\WINDOWS\addrt32.exe
O4 - HKLM\..\RunOnce: [ntdd.exe] C:\WINDOWS\ntdd.exe
O4 - HKLM\..\RunOnce: [msss32.exe] C:\WINDOWS\system32\msss32.exe
O4 - HKLM\..\RunOnce: [addrh32.exe] C:\WINDOWS\system32\addrh32.exe
O4 - HKLM\..\RunOnce: [sysml.exe] C:\WINDOWS\system32\sysml.exe
O4 - HKLM\..\RunOnce: [sdklb32.exe] C:\WINDOWS\sdklb32.exe
O4 - HKLM\..\RunOnce: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\RunOnce: [netjy.exe] C:\WINDOWS\netjy.exe
O4 - HKLM\..\RunOnce: [apijy.exe] C:\WINDOWS\system32\apijy.exe
O4 - HKLM\..\RunOnce: [d3sh.exe] C:\WINDOWS\system32\d3sh.exe
O4 - HKLM\..\RunOnce: [iprx32.exe] C:\WINDOWS\system32\iprx32.exe
O4 - HKLM\..\RunOnce: [apima.exe] C:\WINDOWS\system32\apima.exe
O4 - HKLM\..\RunOnce: [syslq32.exe] C:\WINDOWS\system32\syslq32.exe
O4 - HKLM\..\RunOnce: [crjf.exe] C:\WINDOWS\crjf.exe
O4 - HKLM\..\RunOnce: [netiv32.exe] C:\WINDOWS\netiv32.exe
O4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\system32\addzl32.exe
O4 - HKLM\..\RunOnce: [msmn32.exe] C:\WINDOWS\system32\msmn32.exe
O4 - HKLM\..\RunOnce: [javasi32.exe] C:\WINDOWS\javasi32.exe
O4 - HKLM\..\RunOnce: [netry.exe] C:\WINDOWS\system32\netry.exe
O4 - HKLM\..\RunOnce: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\RunOnce: [d3gd32.exe] C:\WINDOWS\d3gd32.exe
O4 - HKLM\..\RunOnce: [msol32.exe] C:\WINDOWS\msol32.exe
O4 - HKLM\..\RunOnce: [appxm32.exe] C:\WINDOWS\system32\appxm32.exe
O4 - HKLM\..\RunOnce: [crxm.exe] C:\WINDOWS\crxm.exe
O4 - HKLM\..\RunOnce: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\RunOnce: [javaat.exe] C:\WINDOWS\javaat.exe
O4 - HKLM\..\RunOnce: [apizj32.exe] C:\WINDOWS\apizj32.exe
O4 - HKLM\..\RunOnce: [addyq32.exe] C:\WINDOWS\system32\addyq32.exe
O4 - HKLM\..\RunOnce: [appxg.exe] C:\WINDOWS\appxg.exe
O4 - HKLM\..\RunOnce: [wingh.exe] C:\WINDOWS\system32\wingh.exe
O4 - HKLM\..\RunOnce: [netww32.exe] C:\WINDOWS\netww32.exe
O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\system32\crgu32.exe
O4 - HKLM\..\RunOnce: [addbg32.exe] C:\WINDOWS\addbg32.exe
O4 - HKLM\..\RunOnce: [mfcnk.exe] C:\WINDOWS\mfcnk.exe
O4 - HKLM\..\RunOnce: [atlol32.exe] C:\WINDOWS\system32\atlol32.exe
O4 - HKLM\..\RunOnce: [appdi.exe] C:\WINDOWS\appdi.exe
O4 - HKLM\..\RunOnce: [atlie.exe] C:\WINDOWS\atlie.exe
O4 - HKLM\..\RunOnce: [d3wb.exe] C:\WINDOWS\system32\d3wb.exe
O4 - HKLM\..\RunOnce: [mfcqm.exe] C:\WINDOWS\mfcqm.exe
O4 - HKLM\..\RunOnce: [addgb.exe] C:\WINDOWS\addgb.exe
O4 - HKLM\..\RunOnce: [ipvo.exe] C:\WINDOWS\system32\ipvo.exe
O4 - HKLM\..\RunOnce: [netep32.exe] C:\WINDOWS\netep32.exe
O4 - HKLM\..\RunOnce: [apill32.exe] C:\WINDOWS\system32\apill32.exe
O4 - HKLM\..\RunOnce: [sysqi32.exe] C:\WINDOWS\system32\sysqi32.exe
O4 - HKLM\..\RunOnce: [ntgm.exe] C:\WINDOWS\system32\ntgm.exe
O4 - HKLM\..\RunOnce: [addui32.exe] C:\WINDOWS\addui32.exe
O4 - HKLM\..\RunOnce: [apppy32.exe] C:\WINDOWS\apppy32.exe
O4 - HKLM\..\RunOnce: [d3da.exe] C:\WINDOWS\d3da.exe
O4 - HKLM\..\RunOnce: [d3xl32.exe] C:\WINDOWS\system32\d3xl32.exe
O4 - HKLM\..\RunOnce: [ipcn.exe] C:\WINDOWS\ipcn.exe
O4 - HKLM\..\RunOnce: [ielw.exe] C:\WINDOWS\ielw.exe
O4 - HKLM\..\RunOnce: [sdkqq32.exe] C:\WINDOWS\sdkqq32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\system32\addqw.exe
O4 - HKLM\..\RunOnce: [d3vs.exe] C:\WINDOWS\system32\d3vs.exe
O4 - HKLM\..\RunOnce: [netju32.exe] C:\WINDOWS\netju32.exe
O4 - HKLM\..\RunOnce: [mspl.exe] C:\WINDOWS\mspl.exe
O4 - HKLM\..\RunOnce: [sdkow32.exe] C:\WINDOWS\system32\sdkow32.exe
O4 - HKLM\..\RunOnce: [apijx.exe] C:\WINDOWS\apijx.exe
O4 - HKLM\..\RunOnce: [sysor32.exe] C:\WINDOWS\system32\sysor32.exe
O4 - HKLM\..\RunOnce: [mfcyr32.exe] C:\WINDOWS\mfcyr32.exe
O4 - HKLM\..\RunOnce: [msyr32.exe] C:\WINDOWS\msyr32.exe
O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
O4 - HKLM\..\RunOnce: [iele.exe] C:\WINDOWS\system32\iele.exe
O4 - HKLM\..\RunOnce: [sdkls32.exe] C:\WINDOWS\system32\sdkls32.exe
O4 - HKLM\..\RunOnce: [syswe.exe] C:\WINDOWS\syswe.exe
O4 - HKLM\..\RunOnce: [winja32.exe] C:\WINDOWS\winja32.exe
O4 - HKLM\..\RunOnce: [winif32.exe] C:\WINDOWS\winif32.exe
O4 - HKLM\..\RunOnce: [sdkqn.exe] C:\WINDOWS\system32\sdkqn.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32\netmz32.exe
O4 - HKLM\..\RunOnce: [addkh.exe] C:\WINDOWS\addkh.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\system32\d3jw32.exe
O4 - HKLM\..\RunOnce: [ntam32.exe] C:\WINDOWS\ntam32.exe
O4 - HKLM\..\RunOnce: [sdkhu.exe] C:\WINDOWS\sdkhu.exe
O4 - HKLM\..\RunOnce: [ipic.exe] C:\WINDOWS\system32\ipic.exe
O4 - HKLM\..\RunOnce: [appqq32.exe] C:\WINDOWS\system32\appqq32.exe
O4 - HKLM\..\RunOnce: [crpg.exe] C:\WINDOWS\crpg.exe
O4 - HKLM\..\RunOnce: [javayg32.exe] C:\WINDOWS\javayg32.exe
O4 - HKLM\..\RunOnce: [sdknd32.exe] C:\WINDOWS\sdknd32.exe
O4 - HKLM\..\RunOnce: [mfcrz32.exe] C:\WINDOWS\mfcrz32.exe
O4 - HKLM\..\RunOnce: [javanl32.exe] C:\WINDOWS\system32\javanl32.exe
O4 - HKLM\..\RunOnce: [sysmm32.exe] C:\WINDOWS\sysmm32.exe
O4 - HKLM\..\RunOnce: [javaag32.exe] C:\WINDOWS\system32\javaag32.exe
O4 - HKLM\..\RunOnce: [iegu32.exe] C:\WINDOWS\iegu32.exe
O4 - HKLM\..\RunOnce: [atloh.exe] C:\WINDOWS\atloh.exe
O4 - HKLM\..\RunOnce: [sysll32.exe] C:\WINDOWS\sysll32.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\iecp32.exe
O4 - HKLM\..\RunOnce: [sdkhj.exe] C:\WINDOWS\system32\sdkhj.exe
O4 - HKLM\..\RunOnce: [crhx32.exe] C:\WINDOWS\crhx32.exe
O4 - HKLM\..\RunOnce: [addfi32.exe] C:\WINDOWS\system32\addfi32.exe
O4 - HKLM\..\RunOnce: [netjz32.exe] C:\WINDOWS\system32\netjz32.exe
O4 - HKLM\..\RunOnce: [addxu32.exe] C:\WINDOWS\system32\addxu32.exe
O4 - HKLM\..\RunOnce: [sysvm.exe] C:\WINDOWS\sysvm.exe
O4 - HKLM\..\RunOnce: [ntvu32.exe] C:\WINDOWS\ntvu32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\sysnc.exe
O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
O4 - HKLM\..\RunOnce: [addcd.exe] C:\WINDOWS\addcd.exe
O4 - HKLM\..\RunOnce: [ipyu.exe] C:\WINDOWS\system32\ipyu.exe
O4 - HKLM\..\RunOnce: [netze32.exe] C:\WINDOWS\netze32.exe
O4 - HKLM\..\RunOnce: [sysks32.exe] C:\WINDOWS\sysks32.exe
O4 - HKLM\..\RunOnce: [netcm32.exe] C:\WINDOWS\netcm32.exe
O4 - HKLM\..\RunOnce: [winhg.exe] C:\WINDOWS\system32\winhg.exe
O4 - HKLM\..\RunOnce: [javadj.exe] C:\WINDOWS\system32\javadj.exe
O4 - HKLM\..\RunOnce: [sysvf.exe] C:\WINDOWS\sysvf.exe
O4 - HKLM\..\RunOnce: [msqv.exe] C:\WINDOWS\system32\msqv.exe
O4 - HKLM\..\RunOnce: [ipey32.exe] C:\WINDOWS\system32\ipey32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\system32\atljg.exe
O4 - HKLM\..\RunOnce: [ntas.exe] C:\WINDOWS\system32\ntas.exe
O4 - HKLM\..\RunOnce: [apifi.exe] C:\WINDOWS\system32\apifi.exe
O4 - HKLM\..\RunOnce: [syskc32.exe] C:\WINDOWS\system32\syskc32.exe
O4 - HKLM\..\RunOnce: [netoj.exe] C:\WINDOWS\system32\netoj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094496182669
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

Kind regards,
Søren
kalp Novice
03 September 2005 - 22:35 #1
You don't need to create a new question just because you didn't get the whole log included earlier.
fromsej Trainee
03 September 2005 - 22:35 #2
I'm looking at it now.
fromsej Trainee
03 September 2005 - 22:39 #3
1. Download the following programs:

- CWShredder, http://cwshredder.net/bin/CWShredder.exe (do not run the program yet)
- AboutBuster5, http://www.malwarebytes.biz/AboutBuster5.zip (unpack the program to the Desktop)
- Ewido, http://shop.element5.com/product.html?productid=531168&affiliateid=200010704 (click download in the top menu bar)
- CCleaner, http://www.filehippo.com/download_ccleaner.html

Install and run Ewido - update the program (but do not scan).

2. Restart in Safe Mode (by pressing F8 during startup).

3. Run CWShredder and click Fix.

4. Run AboutBuster and click Begin removal. Allow the program to close Explorer if you are asked. The program creates a log in the same folder where you installed AboutBuster (AB log.txt) - copy it in here when the fix is finished.

5. Run a cleanup with CCleaner (not strictly necessary, but it makes the Ewido scan run a little faster).

6. Run a full scan with Ewido.

7. Run HijackThis, scan and tick the following lines - close other program windows - click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {270B770B-A81B-7F32-31CA-A8A4B3E5B7AD} - C:\WINDOWS\system32\sdkiw.dll
O2 - BHO: Class - {489CB8A5-F200-EAC7-EB4D-CADBFD62480E} - C:\WINDOWS\mfcbs32.dll
O2 - BHO: Class - {4CD05B77-C677-4D01-5562-25BA68012376} - C:\WINDOWS\apict.dll
O2 - BHO: Class - {83EF55DB-6787-8204-BD91-03202E65FD32} - C:\WINDOWS\addon32.dll
O2 - BHO: Class - {AC50F23D-F99D-EE5A-71F2-ABCB913DE13A} - C:\WINDOWS\sdkkf32.dll
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3tp32.dll
O2 - BHO: Class - {CDE45960-40E0-55A2-18F1-392935B88569} - C:\WINDOWS\ipis.dll
O2 - BHO: Class - {E738FA69-B912-B059-1394-230F1BB7CC13} - C:\WINDOWS\apieu32.dll
O2 - BHO: Class - {FD25AD19-D6F8-C138-8DFA-A51830DD9D78} - C:\WINDOWS\crde32.dll
O4 - HKLM\..\Run: [msxw32.exe] C:\WINDOWS\system32\msxw32.exe
O4 - HKLM\..\RunOnce: [atlen.exe] C:\WINDOWS\atlen.exe
O4 - HKLM\..\RunOnce: [d3rc.exe] C:\WINDOWS\d3rc.exe
O4 - HKLM\..\RunOnce: [winfo.exe] C:\WINDOWS\winfo.exe
O4 - HKLM\..\RunOnce: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\RunOnce: [appfx.exe] C:\WINDOWS\system32\appfx.exe
O4 - HKLM\..\RunOnce: [sysiw32.exe] C:\WINDOWS\system32\sysiw32.exe
O4 - HKLM\..\RunOnce: [addgy.exe] C:\WINDOWS\system32\addgy.exe
O4 - HKLM\..\RunOnce: [javabd32.exe] C:\WINDOWS\system32\javabd32.exe
O4 - HKLM\..\RunOnce: [sdkqs32.exe] C:\WINDOWS\sdkqs32.exe
O4 - HKLM\..\RunOnce: [mfcvx32.exe] C:\WINDOWS\mfcvx32.exe
O4 - HKLM\..\RunOnce: [javayi32.exe] C:\WINDOWS\javayi32.exe
O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\system32\mscn.exe
O4 - HKLM\..\RunOnce: [d3dn32.exe] C:\WINDOWS\d3dn32.exe
O4 - HKLM\..\RunOnce: [crsk32.exe] C:\WINDOWS\system32\crsk32.exe
O4 - HKLM\..\RunOnce: [atlpv.exe] C:\WINDOWS\system32\atlpv.exe
O4 - HKLM\..\RunOnce: [iptz.exe] C:\WINDOWS\iptz.exe
O4 - HKLM\..\RunOnce: [javada32.exe] C:\WINDOWS\javada32.exe
O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe
O4 - HKLM\..\RunOnce: [appyd32.exe] C:\WINDOWS\appyd32.exe
O4 - HKLM\..\RunOnce: [syshm.exe] C:\WINDOWS\syshm.exe
O4 - HKLM\..\RunOnce: [winva32.exe] C:\WINDOWS\winva32.exe
O4 - HKLM\..\RunOnce: [winbx32.exe] C:\WINDOWS\system32\winbx32.exe
O4 - HKLM\..\RunOnce: [javagb32.exe] C:\WINDOWS\javagb32.exe
O4 - HKLM\..\RunOnce: [mscm.exe] C:\WINDOWS\mscm.exe
O4 - HKLM\..\RunOnce: [sdkgy.exe] C:\WINDOWS\system32\sdkgy.exe
O4 - HKLM\..\RunOnce: [sysvn32.exe] C:\WINDOWS\sysvn32.exe
O4 - HKLM\..\RunOnce: [msrx.exe] C:\WINDOWS\system32\msrx.exe
O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
O4 - HKLM\..\RunOnce: [javavb32.exe] C:\WINDOWS\javavb32.exe
O4 - HKLM\..\RunOnce: [mfcax32.exe] C:\WINDOWS\mfcax32.exe
O4 - HKLM\..\RunOnce: [javavj.exe] C:\WINDOWS\javavj.exe
O4 - HKLM\..\RunOnce: [addrt32.exe] C:\WINDOWS\addrt32.exe
O4 - HKLM\..\RunOnce: [ntdd.exe] C:\WINDOWS\ntdd.exe
O4 - HKLM\..\RunOnce: [msss32.exe] C:\WINDOWS\system32\msss32.exe
O4 - HKLM\..\RunOnce: [addrh32.exe] C:\WINDOWS\system32\addrh32.exe
O4 - HKLM\..\RunOnce: [sysml.exe] C:\WINDOWS\system32\sysml.exe
O4 - HKLM\..\RunOnce: [sdklb32.exe] C:\WINDOWS\sdklb32.exe
O4 - HKLM\..\RunOnce: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\RunOnce: [netjy.exe] C:\WINDOWS\netjy.exe
O4 - HKLM\..\RunOnce: [apijy.exe] C:\WINDOWS\system32\apijy.exe
O4 - HKLM\..\RunOnce: [d3sh.exe] C:\WINDOWS\system32\d3sh.exe
O4 - HKLM\..\RunOnce: [iprx32.exe] C:\WINDOWS\system32\iprx32.exe
O4 - HKLM\..\RunOnce: [apima.exe] C:\WINDOWS\system32\apima.exe
O4 - HKLM\..\RunOnce: [syslq32.exe] C:\WINDOWS\system32\syslq32.exe
O4 - HKLM\..\RunOnce: [crjf.exe] C:\WINDOWS\crjf.exe
O4 - HKLM\..\RunOnce: [netiv32.exe] C:\WINDOWS\netiv32.exe
O4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\system32\addzl32.exe
O4 - HKLM\..\RunOnce: [msmn32.exe] C:\WINDOWS\system32\msmn32.exe
O4 - HKLM\..\RunOnce: [javasi32.exe] C:\WINDOWS\javasi32.exe
O4 - HKLM\..\RunOnce: [netry.exe] C:\WINDOWS\system32\netry.exe
O4 - HKLM\..\RunOnce: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\RunOnce: [d3gd32.exe] C:\WINDOWS\d3gd32.exe
O4 - HKLM\..\RunOnce: [msol32.exe] C:\WINDOWS\msol32.exe
O4 - HKLM\..\RunOnce: [appxm32.exe] C:\WINDOWS\system32\appxm32.exe
O4 - HKLM\..\RunOnce: [crxm.exe] C:\WINDOWS\crxm.exe
O4 - HKLM\..\RunOnce: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\RunOnce: [javaat.exe] C:\WINDOWS\javaat.exe
O4 - HKLM\..\RunOnce: [apizj32.exe] C:\WINDOWS\apizj32.exe
O4 - HKLM\..\RunOnce: [addyq32.exe] C:\WINDOWS\system32\addyq32.exe
O4 - HKLM\..\RunOnce: [appxg.exe] C:\WINDOWS\appxg.exe
O4 - HKLM\..\RunOnce: [wingh.exe] C:\WINDOWS\system32\wingh.exe
O4 - HKLM\..\RunOnce: [netww32.exe] C:\WINDOWS\netww32.exe
O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\system32\crgu32.exe
O4 - HKLM\..\RunOnce: [addbg32.exe] C:\WINDOWS\addbg32.exe
O4 - HKLM\..\RunOnce: [mfcnk.exe] C:\WINDOWS\mfcnk.exe
O4 - HKLM\..\RunOnce: [atlol32.exe] C:\WINDOWS\system32\atlol32.exe
O4 - HKLM\..\RunOnce: [appdi.exe] C:\WINDOWS\appdi.exe
O4 - HKLM\..\RunOnce: [atlie.exe] C:\WINDOWS\atlie.exe
O4 - HKLM\..\RunOnce: [d3wb.exe] C:\WINDOWS\system32\d3wb.exe
O4 - HKLM\..\RunOnce: [mfcqm.exe] C:\WINDOWS\mfcqm.exe
O4 - HKLM\..\RunOnce: [addgb.exe] C:\WINDOWS\addgb.exe
O4 - HKLM\..\RunOnce: [ipvo.exe] C:\WINDOWS\system32\ipvo.exe
O4 - HKLM\..\RunOnce: [netep32.exe] C:\WINDOWS\netep32.exe
O4 - HKLM\..\RunOnce: [apill32.exe] C:\WINDOWS\system32\apill32.exe
O4 - HKLM\..\RunOnce: [sysqi32.exe] C:\WINDOWS\system32\sysqi32.exe
O4 - HKLM\..\RunOnce: [ntgm.exe] C:\WINDOWS\system32\ntgm.exe
O4 - HKLM\..\RunOnce: [addui32.exe] C:\WINDOWS\addui32.exe
O4 - HKLM\..\RunOnce: [apppy32.exe] C:\WINDOWS\apppy32.exe
O4 - HKLM\..\RunOnce: [d3da.exe] C:\WINDOWS\d3da.exe
O4 - HKLM\..\RunOnce: [d3xl32.exe] C:\WINDOWS\system32\d3xl32.exe
O4 - HKLM\..\RunOnce: [ipcn.exe] C:\WINDOWS\ipcn.exe
O4 - HKLM\..\RunOnce: [ielw.exe] C:\WINDOWS\ielw.exe
O4 - HKLM\..\RunOnce: [sdkqq32.exe] C:\WINDOWS\sdkqq32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\system32\addqw.exe
O4 - HKLM\..\RunOnce: [d3vs.exe] C:\WINDOWS\system32\d3vs.exe
O4 - HKLM\..\RunOnce: [netju32.exe] C:\WINDOWS\netju32.exe
O4 - HKLM\..\RunOnce: [mspl.exe] C:\WINDOWS\mspl.exe
O4 - HKLM\..\RunOnce: [sdkow32.exe] C:\WINDOWS\system32\sdkow32.exe
O4 - HKLM\..\RunOnce: [apijx.exe] C:\WINDOWS\apijx.exe
O4 - HKLM\..\RunOnce: [sysor32.exe] C:\WINDOWS\system32\sysor32.exe
O4 - HKLM\..\RunOnce: [mfcyr32.exe] C:\WINDOWS\mfcyr32.exe
O4 - HKLM\..\RunOnce: [msyr32.exe] C:\WINDOWS\msyr32.exe
O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
O4 - HKLM\..\RunOnce: [iele.exe] C:\WINDOWS\system32\iele.exe
O4 - HKLM\..\RunOnce: [sdkls32.exe] C:\WINDOWS\system32\sdkls32.exe
O4 - HKLM\..\RunOnce: [syswe.exe] C:\WINDOWS\syswe.exe
O4 - HKLM\..\RunOnce: [winja32.exe] C:\WINDOWS\winja32.exe
O4 - HKLM\..\RunOnce: [winif32.exe] C:\WINDOWS\winif32.exe
O4 - HKLM\..\RunOnce: [sdkqn.exe] C:\WINDOWS\system32\sdkqn.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32\netmz32.exe
O4 - HKLM\..\RunOnce: [addkh.exe] C:\WINDOWS\addkh.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\system32\d3jw32.exe
O4 - HKLM\..\RunOnce: [ntam32.exe] C:\WINDOWS\ntam32.exe
O4 - HKLM\..\RunOnce: [sdkhu.exe] C:\WINDOWS\sdkhu.exe
O4 - HKLM\..\RunOnce: [ipic.exe] C:\WINDOWS\system32\ipic.exe
O4 - HKLM\..\RunOnce: [appqq32.exe] C:\WINDOWS\system32\appqq32.exe
O4 - HKLM\..\RunOnce: [crpg.exe] C:\WINDOWS\crpg.exe
O4 - HKLM\..\RunOnce: [javayg32.exe] C:\WINDOWS\javayg32.exe
O4 - HKLM\..\RunOnce: [sdknd32.exe] C:\WINDOWS\sdknd32.exe
O4 - HKLM\..\RunOnce: [mfcrz32.exe] C:\WINDOWS\mfcrz32.exe
O4 - HKLM\..\RunOnce: [javanl32.exe] C:\WINDOWS\system32\javanl32.exe
O4 - HKLM\..\RunOnce: [sysmm32.exe] C:\WINDOWS\sysmm32.exe
O4 - HKLM\..\RunOnce: [javaag32.exe] C:\WINDOWS\system32\javaag32.exe
O4 - HKLM\..\RunOnce: [iegu32.exe] C:\WINDOWS\iegu32.exe
O4 - HKLM\..\RunOnce: [atloh.exe] C:\WINDOWS\atloh.exe
O4 - HKLM\..\RunOnce: [sysll32.exe] C:\WINDOWS\sysll32.exe
O4 - HKLM\..\RunOnce: [iecp32.exe] C:\WINDOWS\iecp32.exe
O4 - HKLM\..\RunOnce: [sdkhj.exe] C:\WINDOWS\system32\sdkhj.exe
O4 - HKLM\..\RunOnce: [crhx32.exe] C:\WINDOWS\crhx32.exe
O4 - HKLM\..\RunOnce: [addfi32.exe] C:\WINDOWS\system32\addfi32.exe
O4 - HKLM\..\RunOnce: [netjz32.exe] C:\WINDOWS\system32\netjz32.exe
O4 - HKLM\..\RunOnce: [addxu32.exe] C:\WINDOWS\system32\addxu32.exe
O4 - HKLM\..\RunOnce: [sysvm.exe] C:\WINDOWS\sysvm.exe
O4 - HKLM\..\RunOnce: [ntvu32.exe] C:\WINDOWS\ntvu32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\sysnc.exe
O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
O4 - HKLM\..\RunOnce: [addcd.exe] C:\WINDOWS\addcd.exe
O4 - HKLM\..\RunOnce: [ipyu.exe] C:\WINDOWS\system32\ipyu.exe
O4 - HKLM\..\RunOnce: [netze32.exe] C:\WINDOWS\netze32.exe
O4 - HKLM\..\RunOnce: [sysks32.exe] C:\WINDOWS\sysks32.exe
O4 - HKLM\..\RunOnce: [netcm32.exe] C:\WINDOWS\netcm32.exe
O4 - HKLM\..\RunOnce: [winhg.exe] C:\WINDOWS\system32\winhg.exe
O4 - HKLM\..\RunOnce: [javadj.exe] C:\WINDOWS\system32\javadj.exe
O4 - HKLM\..\RunOnce: [sysvf.exe] C:\WINDOWS\sysvf.exe
O4 - HKLM\..\RunOnce: [msqv.exe] C:\WINDOWS\system32\msqv.exe
O4 - HKLM\..\RunOnce: [ipey32.exe] C:\WINDOWS\system32\ipey32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\system32\atljg.exe
O4 - HKLM\..\RunOnce: [ntas.exe] C:\WINDOWS\system32\ntas.exe
O4 - HKLM\..\RunOnce: [apifi.exe] C:\WINDOWS\system32\apifi.exe
O4 - HKLM\..\RunOnce: [syskc32.exe] C:\WINDOWS\system32\syskc32.exe
O4 - HKLM\..\RunOnce: [netoj.exe] C:\WINDOWS\system32\netoj.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlen.exe

8. Restart your computer in Normal mode and post a fresh HijackThis log here, together with the log from AboutBuster.
kalp Novice
03 September 2005 - 22:40 #4
Fromsej... completely sure about this one???!!

http://castlecops.com/s2232-mscn_exe.html
fromsej Trainee
03 September 2005 - 22:49 #5
Yes.
http://www.google.dk/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-17,GGLD:en&q=C%3A%5CWINDOWS%5Csystem32%5Cmscn%2Eexe
A RunOnce in a location you don't find anywhere else on Google, that is 98% certain to be CWS.
Should I be wrong, the problem is no bigger than reinstalling SafeChildNet internet filtering program.
Not that I know it.
crj100 Trainee
03 September 2005 - 22:57 #6
Kalp: Sorry, I think I made a mistake. fromsej: I'll send more info tomorrow evening.
fromsej Trainee
03 September 2005 - 22:58 #7
The program, that is; being wrong is something I know well.
Some even get it in writing (it's called a marriage certificate. *GH*)
crj100 Trainee
06 September 2005 - 08:33 #8
Now the problem is that my acquaintance doesn't have all of the above-mentioned lines that are supposed to be ticked. Should he just mark the ones he has?
kalp Novice
06 September 2005 - 08:53 #9
He must log in to an account with administrator rights and/or make sure to log in to the same account the log was taken in.

And no, of course he shouldn't just take the lines he has, hehe; only what fromsej has mentioned should be fixed!
crj100 Trainee
06 September 2005 - 10:20 #10
The problem is just that he doesn't have all the lines that Fromsej said should be deleted. What then? Should he just take those from Fromsej's list that he can find and delete them? And what about the rest, where are they?
kalp Novice
06 September 2005 - 10:23 #11
If he logs in to an account with admin rights, or the same account he was logged in to when he made the log, they should be there.. otherwise he just has to carry out what he can of fromsej's procedure, and then one can see in the new log what still remains to be removed. It may be that some of the many tools have removed or can remove the things that were to be fixed.
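The comparison described in this thread, checking a fresh HijackThis log against the list of lines that were to be fixed, can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the fix-list lines are copied from the thread, and the fresh log is constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23), then " - ", then the entry text. Header lines and the
# "Running processes" block carry no such code and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(text):
    """Return (code, detail) tuples for every entry line in a log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1).upper(), match.group(2)))
    return entries


def entry_key(entry):
    """Comparison key: Windows paths and registry names are case-insensitive,
    and pasted logs may differ in spacing, so casefold and collapse spaces."""
    code, detail = entry
    return (code, " ".join(detail.split()).casefold())


def remaining(fix_list_text, fresh_log_text):
    """Entries from the fix list that still appear in the fresh log."""
    fresh = {entry_key(e) for e in parse_entries(fresh_log_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in fresh]


def progress(fix_list_text, fresh_log_text):
    """Per section code: (entries gone from the fresh log, entries listed)."""
    still = {entry_key(e) for e in remaining(fix_list_text, fresh_log_text)}
    stats = {}
    for entry in parse_entries(fix_list_text):
        gone, total = stats.get(entry[0], (0, 0))
        stats[entry[0]] = (gone + (entry_key(entry) not in still), total + 1)
    return stats


# Four lines taken from the fix list in the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrxwi.dll/sp.html#37049
O2 - BHO: Class - {270B770B-A81B-7F32-31CA-A8A4B3E5B7AD} - C:\WINDOWS\system32\sdkiw.dll
O4 - HKLM\..\Run: [msxw32.exe] C:\WINDOWS\system32\msxw32.exe
O4 - HKLM\..\RunOnce: [atlen.exe] C:\WINDOWS\atlen.exe
"""

# Constructed fresh log (not from the thread): one listed entry survives,
# written with a different path case to exercise the normalisation.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\RunOnce: [atlen.exe] c:\windows\atlen.exe
"""

if __name__ == "__main__":
    for code, detail in remaining(FIX_LIST, FRESH_LOG):
        print("still present:", code, "-", detail)
    for code, (gone, total) in progress(FIX_LIST, FRESH_LOG).items():
        print(f"{code}: {gone} of {total} listed entries no longer in the log")
```

HKCU entries belong to one user account, so both logs have to be taken while logged in to the same account for the comparison to mean anything.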
fromsej Trainee
06 September 2005 - 21:33 #12
The tools should have grabbed most of it; I probably should have written that in my previous post.
crj100 Trainee
07 September 2005 - 09:13 #13
OK, I think there were only two files left. I'll get back with the result tomorrow evening.
crj100 Trainee
09 September 2005 - 07:59 #14
Hi
Sorry for the wait. Here are the two files:

Logfile of HijackThis v1.99.1
Scan saved at 07:03:26, on 09-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\lotus\wordpro\ltsstart.exe
C:\lotus\register\remind32.exe
C:\lotus\smartctr\suitest.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programmer\Outlook Express\MSIMN.EXE
C:\DOCUME~1\Claus\LOKALE~1\Temp\Midlertidig mappe 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sparnord.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094496182669
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

AboutBuster 5.0 reference file 28
Scan started on [05-09-2005] at [16:02:34]
Scan was COMPLETED SUCCESSFULLY at 16:03:22

I hope this is good enough. Apparently the virus is gone, but his Adaware still finds two files that keep coming back. I have suggested disabling System Restore when he runs Adaware, and trying Microsoft's antispyware program.
fromsej Praktikant
09 September 2005 - 09:06 #15
It would help a lot to have the names of the two files, and a path to them.
The log is clean; About:Buster has done a good job.
You can just try whether Dr.Web can find more.
Download this scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart in safe mode (press <F8> at startup).
Double-click drweb-cureit.exe; it will want to run an express scan, and you say yes to that.
When it writes Done at the bottom left, click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then click the green pedestrian over on the right-hand side of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with:
Scan statistics.

A guide with pictures is available here:
http://fromsej.dk/Vejledninger/html/drweb.html
crj100 Praktikant
09 September 2005 - 09:33 #16
I'll be back as soon as possible :-)
crj100 Praktikant
30 September 2005 - 08:26 #17
To fromsej:
Would you post an answer so I can give you the points? The problem appears to be solved.
fromsej Praktikant
30 September 2005 - 16:01 #18
Here it comes.

You should just deactivate System Restore, restart and reactivate it, and set the file view back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean you can look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You will find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
crj100 Praktikant
30 September 2005 - 16:07 #19
Many thanks for the help :-)
Have a good weekend.
fromsej Praktikant
30 September 2005 - 16:31 #20
You're welcome, thanks for the points and have a good weekend. :-)