villazio (Beginner)
06 December 2005 - 21:19. There are 11 comments and
2 solutions

HijackThis log

Hi

The computer has gradually become very slow...

Are there any experts who would take a look at this log?


Logfile of HijackThis v1.99.0
Scan saved at 21:15:24, on 06-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\Documents and Settings\Jens hjemme\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmer\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: F-Secure BackWeb - Unknown - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent - F-Secure Corporation. All Rights Reserved. - C:\Programmer\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Norton Internet Security Proxy Service - Unknown - C:\Programmer\Norton Internet Security\SymProxySvc.exe (file missing)

Thanks in advance
arlet (Junior Master)
06 December 2005 - 21:19 #1
Checking it
arlet (Junior Master)
06 December 2005 - 21:20 #2
Please get the latest version of HijackThis (1.99.1) from here:
http://www.arlet.dk/hjt.exe
and make a new log
villazio (Beginner)
06 December 2005 - 21:25 #3
Logfile of HijackThis v1.99.1
Scan saved at 21:25:14, on 06-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jens hjemme\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: iexplore - 4fgde.dll (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programmer\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
arlet (Junior Master)
06 December 2005 - 21:28 #4
You need to download Ewido here: http://www.ewido.net/en/download/ (we will need it later)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

You need to download Dr.Web here: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

-----------------------


Now you need to start fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O20 - Winlogon Notify: iexplore - 4fgde.dll (file missing)

------------------------------

Download this batch file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode (press the F8 key during the restart (roughly just after the RAM has been counted), then choose safe mode. If in doubt, just press F8 several times.)

Run a full scan with Dr.Web. It starts with a quick memory scan; when that has finished, select your drives and then press the little green man at the bottom right.

Then click Start->Search, find the file drweb32w.log and copy the last part of the text in here, starting with: Total session statistics

-------------------------------

Still in safe mode:
Now run a full scan with Ewido. When it has finished, press Save report and save the report.

Then restart the computer normally and make a new HijackThis log, which you post here together with the report from Ewido
villazio (Beginner)
06 December 2005 - 21:39 #5
Working on it...
villazio (Beginner)
06 December 2005 - 22:30 #6
I'm having problems. The computer crashes and shuts down during the scan with Dr.Web
arlet (Junior Master)
06 December 2005 - 22:31 #7
Then skip that scan
villazio (Beginner)
06 December 2005 - 22:34 #8
ok
villazio (Beginner)
06 December 2005 - 22:49 #9
Total session statistics
=============================================================================
Objects scanned: 99
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1483 Kb/s
Scan time: 00:00:15
=============================================================================

                                                                                                                                                    - Ok
C:\WINDOWS\WMSysPrx.prx - Ok
C:\WINDOWS\control.ini - Ok
C:\WINDOWS\WMSysPr9.prx - Ok
C:\WINDOWS\SchedLgU.Txt - Ok
C:\WINDOWS\SND531unin.txt - Ok
C:\WINDOWS\twain_16.dll - Ok
C:\WINDOWS\wininit.ini - Ok
villazio (Beginner)
06 December 2005 - 23:46 #10
That took a long time!


---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            23:34:03, 06-12-2005
+ Rapport-Checksum:        1BE8577F

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5AB65DD4-01FB-44D5-9537-3767AB80F790} -> Spyware.WebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{771A1334-6B08-4a6b-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\msielink.relatedlinksProtocol -> Spyware.WebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\msielink.relatedlinksProtocol\Clsid -> Spyware.WebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CurVer -> Spyware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer.1 -> Spyware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7} -> Spyware.WebSearch : Renset med backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSIELINK_DLL -> Spyware.WebSearch : Renset med backup
    HKU\S-1-5-21-1599196801-2106517767-3757435101-1005\Software\Comsoft -> Dialer.Generic : Renset med backup
    C:\WINDOWS\system32\tmpf00.exe -> Spyware.Appolinaria : Renset med backup
    C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Renset med backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@ad.adition[1].txt -> Spyware.Cookie.Adition : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@burstnet[1].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Jens hjemme\Cookies\jens hjemme@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.6:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.7:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.8:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.9:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.10:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.11:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.12:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.13:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.21:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.22:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.23:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    ->  : Fejl under renselse
    :mozilla.34:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Ru4 : Renset med backup
    :mozilla.40:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.45:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Renset med backup
    :mozilla.48:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.49:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.54:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.56:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Renset med backup
    :mozilla.8:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Linkbuddies : Renset med backup
    :mozilla.90:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.91:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.98:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.99:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.100:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.101:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.102:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.118:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Burstnet : Renset med backup
    :mozilla.160:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Com : Renset med backup
    :mozilla.161:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Com : Renset med backup
    :mozilla.172:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Adition : Renset med backup
    :mozilla.174:C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Firefox\Profiles\g8cts4vy.default\cookies.txt -> Spyware.Cookie.Adition : Renset med backup


::Rapport slut

--------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 23:45:44, on 06-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Jens hjemme\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jens hjemme\Application Data\Mozilla\Profiles\default\t1ug48y7.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cab
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programmer\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
arlet (Junior Master)
07 December 2005 - 15:48 #11
Yes, it took a long time, but it is effective..

Now your log is clean.

After a round like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.
You should also hide your files and folders again, so that you don't delete an important file by mistake.
You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

General cleanup: http://www.arlet.dk/oprydning.htm

To protect you against junk, I have put together a security package,
which you can download here: www.arlet.dk/pakke.htm
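
The comparison behind "your log is clean", as an added example that is not part of the original thread: it parses HijackThis entry lines, lists entries worth a manual look, and diffs the log from post #3 against the one from post #10. The log excerpts are copied from the thread; the function names and the review heuristics (hosts redirects, Winlogon Notify entries, missing target files) are assumptions made for this illustration, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# A HijackThis entry line has the form "<section code> - <details>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
LOOPBACK = {"127.0.0.1", "0.0.0.0"}

# Excerpts copied from the logs in post #3 (before) and post #10 (after).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O20 - Winlogon Notify: iexplore - 4fgde.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def parse_entries(log_text):
    """Return (section, details) for every entry line; headers and the
    running-process list do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reasons(section, details):
    """Assumed heuristics: reasons an entry deserves a manual look."""
    reasons = []
    if section == "O1" and details.startswith("Hosts:"):
        fields = details[len("Hosts:"):].split()
        if len(fields) >= 2 and fields[0] not in LOOPBACK:
            reasons.append(f"hosts file maps {fields[1]} to {fields[0]}")
    if section == "O20":
        reasons.append("DLL registered under Winlogon Notify")
    if ORPHAN_RE.search(details):
        reasons.append("target file is missing")
    return reasons


def triage(log_text):
    """Return {entry line: [reasons]} for entries that match a heuristic."""
    flagged = {}
    for section, details in parse_entries(log_text):
        reasons = review_reasons(section, details)
        if reasons:
            flagged[f"{section} - {details}"] = reasons
    return flagged


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for entry, reasons in triage(BEFORE).items():
        print("REVIEW:", entry, "->", "; ".join(reasons))
    removed, added = diff_logs(BEFORE, AFTER)
    for section, details in removed:
        print("GONE:  ", section, "-", details)
    for section, details in added:
        print("NEW:   ", section, "-", details)
```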
villazio (Beginner)
07 December 2005 - 16:00 #12
I'm back. Thanks for the help - a bit of Christmas cleaning was good.
arlet (Junior Master)
07 December 2005 - 16:01 #13
You're welcome..

Have a nice day