haglan Beginner
17 October 2005 - 22:50 There are 16 comments and 1 solution

HijackThis log - Google toolbar and mstask

Dear experts
I have a couple of problems that I can't get rid of on my own, and I hope you will take a look at my HijackThis log.
An extra toolbar has ended up in my IE, which among other things offers "HOT Ringtones", "Online Dating", "Online casinos" and (very funny) "Virus Scan". In addition, I can see from my network traffic that there is traffic going on all the time, and that far more data is being sent than received - and that just doesn't match my actual usage at all. On top of that, my download speed is somewhere between 1/4 and 1/8 of what I actually pay for...
A couple of days ago mstask popped up a couple of times by itself, without my ever having used the program...
I recently switched provider; I still run Panda Antivirus, which doesn't find anything... I have tried Ad Aware, but it didn't solve the problem.

Hoping for a quick reply - thanks in advance!


---
Logfile of HijackThis v1.99.1
Scan saved at 22:52:10, on 17-10-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINNT\etb\pokapoka76.exe
C:\WINNT\system32\svc32.pif
C:\WINNT\system32\mswind32.pif
C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Unitek\Unitekco.exe
C:\WINNT\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [System service76] C:\WINNT\\\etb\\pokapoka76.exe
O4 - HKLM\..\Run: [SVC Service] svc32.pif
O4 - HKLM\..\Run: [OS Security] mswind32.pif
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKLM\..\RunServices: [SVC Service] svc32.pif
O4 - HKLM\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\Run: [ArGoSoftMailServer] C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [OS Security] mswind32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Unitekco.lnk = C:\Program Files\Unitek\Unitekco.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/include/pki/SecuiTechIE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://shopping.jubii.dk/foto/components/photoupload.ocx
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/greve/ACGM/acgm.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
johnstigers Senior Master
17 October 2005 - 22:57 #1
I can see you've been hit by pokapoka - I'll let one of the cool ones handle it ;)
haglan Beginner
17 October 2005 - 23:00 #2
I was just hoping someone would say it was easy...
ejvindh Expert
17 October 2005 - 23:37 #3
Ohh - come on, John. You just fixed one of these recently :-)

Well, OK. I am (or so I think myself) one of the cool ones ;-)

1. Download LQfix.exe here:
http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.exe

2. You need an open internet connection for this step. Double-click LQfix.exe - the program will now unpack itself into the folder LQfix. Open this folder, double-click ClickThis.bat and follow the instructions on the screen. Your computer will be restarted and an automatic script will run (so your startup will take a little longer than usual).

3. When the computer is ready - scan with HijackThis and post a fresh log here.
************************************************************
If this fix doesn't work (error messages appear), try the old version of the fix:

1. Download miekiemoes' LQfix fix here:
http://www.downloads.subratam.org/LQfix.zip
http://users.pandora.be/bluepatchy/LQfix.zip

Unpack the file to your Desktop.

2. Restart in Safe Mode (by pressing F8 during startup).

3. Double-click LQfix.bat.

4. Restart in Normal mode and post a fresh log here.
haglan Beginner
17 October 2005 - 23:44 #4
Thanks, I'll try that!
haglan Beginner
17 October 2005 - 23:59 #5
OK, LQfix apparently ran fine and reported "Completed" after the restart. Apparently no pokapoka in the new log either:

---

Logfile of HijackThis v1.99.1
Scan saved at 00:07:54, on 18-10-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\svc32.pif
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Unitek\Unitekco.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\OPLIMIT\ocrawr32.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SVC Service] svc32.pif
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKLM\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [ArGoSoftMailServer] C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Unitekco.lnk = C:\Program Files\Unitek\Unitekco.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/include/pki/SecuiTechIE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://shopping.jubii.dk/foto/components/photoupload.ocx
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/greve/ACGM/acgm.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
haglan Beginner
18 October 2005 - 00:02 #6
The unwanted toolbar is gone too, but there is still considerable traffic on my network card that I can't see the reason for...
ejvindh Expert
18 October 2005 - 00:21 #7
That helped enormously :-)

There is a single entry that I'm a little unsure about:
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"

Do you know it, and can you vouch for it? If so, you should not fix this line below.

Download this scanner and save it to the desktop. Do not run it yet.
http://www.spywareinfo.dk/download/mwav.exe

Download Ewido from here (14-day version of the plus version):
http://www.ewido.net/en/download/
Install and run Ewido - update the program.

Press ctrl-alt-delete, click Jobliste/Taskmanager, Processer/Processes. Find the processes below, right-click them and choose End Process.
svc32.pif

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked.

O4 - HKLM\..\Run: [SVC Service] svc32.pif
O4 - HKLM\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif

Only fix this entry if you don't know the program:
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"

Deleting files and folders:
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide file extensions for known file types".
Select "Show hidden files and folders".

Restart in Safe Mode (press <F8> during startup) and delete the folders and files listed below (some of them may already have been deleted by HijackThis).
-------------------
Folders:
C:\Program Files\Unitek\ <<<< only if you don't know the program!!!
-------------------
Files:
C:\WINNT\system32\svc32.pif
C:\WINNT\system32\mswind32.pif
---------------------------------------
Run a full scan with Ewido. The program creates a small log, which you should copy into your next reply here.

Click the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following options:
All local drives and Scan all files

Click Scan Clean. It can take a long time (several hours), but it is also very effective.
Restart in normal mode and make a new HJT log, which you post here for checking.
ejvindh Expert
18 October 2005 - 00:23 #8
Oops, this entry must also be fixed if you don't know unitek:
O4 - Global Startup: Unitekco.lnk = C:\Program Files\Unitek\Unitekco.exe
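As an added example (not part of the original thread and not a HijackThis feature), this Python script compares the registry autostart (O4) entries of the two logs posted above and lists what is still registered after LQfix. The `.pif`/`.scr` extension heuristic and all function names are assumptions of the example; the sample lines are an excerpt copied from the logs in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name command")

# HijackThis registry autostart line: "O4 - HKLM\..\Run: [Name] command"
O4_REGISTRY = re.compile(
    r"^O4 - (HK(?:LM|CU)\\\.\.\\Run(?:Services|Once)?): \[(.+?)\] (.+)$")

# Assumption of this example: Windows executes these extensions, but
# ordinary software rarely registers them for autostart.
ODD_EXT = re.compile(r'\.(?:pif|scr)(?=["\s]|$)', re.IGNORECASE)

# Excerpt of the O4 section of the first log in the thread (17-10-2005).
BEFORE = r'''
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [System service76] C:\WINNT\\\etb\\pokapoka76.exe
O4 - HKLM\..\Run: [SVC Service] svc32.pif
O4 - HKLM\..\Run: [OS Security] mswind32.pif
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKLM\..\RunServices: [SVC Service] svc32.pif
O4 - HKLM\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\Run: [OS Security] mswind32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
'''

# Same excerpt from the second log, taken after LQfix ran (18-10-2005).
AFTER = r'''
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SVC Service] svc32.pif
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKLM\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [OS Security] mswind32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
'''


def parse_o4(log_text):
    """Return the registry autostart (O4) entries of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            entries.append(Entry(*match.groups()))
    return entries


def is_flagged(entry):
    """True when the autostart command uses one of the odd extensions."""
    return bool(ODD_EXT.search(entry.command))


def as_log_line(entry):
    """Rebuild the HijackThis line so it can be matched in the tool's list."""
    return "O4 - {}: [{}] {}".format(*entry)


def compare(before_text, after_text):
    """Return (removed, remaining, locations) for two logs of one machine.

    removed   -- entries present before the cleanup and gone afterwards
    remaining -- flagged entries still registered in the later log
    locations -- flagged command -> autostart keys that still launch it
    """
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed = [e for e in before if e not in after]
    remaining = [e for e in after if is_flagged(e)]
    locations = {}
    for entry in remaining:
        locations.setdefault(entry.command.lower(), []).append(entry.location)
    return removed, remaining, locations


if __name__ == "__main__":
    removed, remaining, locations = compare(BEFORE, AFTER)
    print("Removed between the two logs:")
    for entry in removed:
        print("  " + as_log_line(entry))
    print("Still registered and flagged:")
    for entry in remaining:
        print("  " + as_log_line(entry))
    for command, keys in locations.items():
        print("{} is launched from {} autostart keys".format(command, len(keys)))
```

A command registered under several Run and RunServices keys at once survives the removal of any single key, so the remaining list has to be cleared in one pass.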
haglan Beginner
18 October 2005 - 00:36 #9
OK. Unitek doesn't ring a bell, so out it goes. It may take hours to download mwav and Ewido - the foreign data traffic is sucking up almost all my bandwidth. Starting with HijackThis.
ejvindh Expert
18 October 2005 - 00:41 #10
That sounds like a good idea. It may well be that the HJT fix in itself gives you your bandwidth back. If the bandwidth is still poor after the HJT fix and the deletion of the files, you could download Ewido/Mwav from another computer and then transfer them using a USB stick or a CD.
haglan Beginner
18 October 2005 - 00:49 #11
It looks like we were in luck - I'm starting the download.
By the way, is it a problem that I can't start in Safe Mode (for some reason my PC has never responded to F8 during startup)?
haglan Beginner
18 October 2005 - 05:30 #12
And here is the log from ewido (I still need to run mwav):

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            05:04:15, 18-10-2005
+ Report-Checksum:        B66E3E8F

+ Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
    HKU\S-1-5-21-602162358-1677128483-1343024091-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\njnyw9ph.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\WINNT\Downloaded Program Files\serialorcrack.exe -> Spyware.Lop : Cleaned with backup
    C:\WINNT\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End
ejvindh Expert
18 October 2005 - 13:21 #13
Yes, Ewido just took out a few cookies and other good stuff :-)

Regarding safe mode: Mwav in particular works best when it is run from safe mode. There are also other ways to get into safe mode -- see here
http://fromsej.dk/html/xpfejl.html

If that doesn't work either, just try running it in normal mode. Then we'll take it from there...
haglan Beginner
18 October 2005 - 20:12 #14
Got mwav started before I saw your last tip, so it was run in normal mode... I have, however, fixed my boot.ini, so from now on I will be able to get into safe mode :)
HJT now produces the following log:

Logfile of HijackThis v1.99.1
Scan saved at 20:10:08, on 18-10-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\wuauclt.exe
C:\OPLIMIT\ocrawr32.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/include/pki/SecuiTechIE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://shopping.jubii.dk/foto/components/photoupload.ocx
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/greve/ACGM/acgm.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

ejvindh Expert
18 October 2005 - 23:05 #15
The log is almost clean. You just need to fix this line:
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"

...and delete the folder:
C:\Program Files\unitek\

if it is still there. Restart and check whether the entry is still gone. If so, I think we can declare your computer clean. :-) Is it running satisfactorily now?

You also get my farewell salute:

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

You can also clear the browser cache (if you use Internet Explorer)
1. Click Tools - Internet Options
2. Under Temporary Internet files, click Delete Cookies
3. Under Temporary Internet files, click Delete Files – tick Delete all offline content
4. Under History, click Clear History
5. Click OK.
Empty your Recycle Bin.
---------------------------

To prevent a recurrence, I recommend installing a few small programs that stop spyware from getting in in the first place. I recommend that, as a minimum, the following be installed: antivirus, SpywareGuard, SpywareBlaster, IE-SPYAD and a firewall. You can find links to all the programs here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I also suggest that you read this article on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
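
The "restart and check whether the entry is still gone" step from the post above, as an added example that is not part of the original thread: a small Python parser for HijackThis O4 autostart lines that compares a scan from before the fix with one taken after the reboot. The function names, the short location label and the "after" log are constructed for illustration.

```python
import re

# Registry autostarts:  O4 - HKLM\..\RunServices: [name] command
REG_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Startup-folder items: O4 - Global Startup: name.lnk = target
LNK_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')

def parse_o4(log_text):
    """Return the set of (location, name, command) for every O4 line."""
    entries = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            # "HKLM\RunServices" is this example's own short label.
            entries.add((hive + "\\" + key, name, cmd))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.add(m.groups())
    return entries

def still_present(log_text, location, name):
    """True if an autostart with this location and name is in the log."""
    return any(l == location and n == name for l, n, _ in parse_o4(log_text))

def added_since(before, after):
    """Autostart entries that exist only in the later log."""
    return parse_o4(after) - parse_o4(before)

# Three O4 lines taken from the log in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
'''
# Constructed: what a clean rescan after the fix and reboot would contain.
AFTER = r'''
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
'''

if __name__ == "__main__":
    gone = not still_present(AFTER, r"HKLM\RunServices", "unitek")
    print("unitek removed:", gone)
    print("new autostarts:", sorted(added_since(BEFORE, AFTER)))
```

If the entry reappears in the later scan, or `added_since` returns anything, something is still re-creating autostarts and the machine is not clean yet.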

haglan Beginner
19 October 2005 - 22:26 #16
Many thanks from here; it was very useful and quite instructive.
I will help myself to whatever I am missing from the security package and hope it can keep future problems to a minimum.
By the way, what do I do about cleaning up the System Restore files? The instructions are aimed at ME and XP, whereas I run Win2000.

ejvindh Expert
19 October 2005 - 22:31 #17
Ahh. That's right too. I had overlooked that. Win2000 has no System Restore. So naturally you don't need to clean up those files either. Just skip that section :-)

You're welcome. Thanks for the points :-)