garfieldzx Beginner
11 December 2005 - 13:43 There are 18 comments and
1 solution

SpyAxe, HijackThis log

I have become the lucky owner of SpyAxe  :@

I hope there is a kind soul who will check my HijackThis log and tell me what else I need to do to get rid of this junk.

Logfile of HijackThis v1.99.1
Scan saved at 13:39:24, on 11-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Kontrolpanel\atiptaxx.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\soft602\pdfSaver.exe
C:\Programmer\SpyAxe\spyaxe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\programmer\mailskinner\mailskinner.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\SpyAxe\spyaxe.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Alan Bay\Skrivebord\zx\11-12-2005\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Opasia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp554F.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Programmer\Fælles filer\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [SpyAxe] C:\Programmer\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1071.dll,InstantAccess
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1044_EN_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1043_EN_XP.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

fromsej Trainee
11 December 2005 - 13:46 #1
I'm checking it now.

fromsej Trainee
11 December 2005 - 13:46 #2
1. Download and double-click smitRem.exe

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

The program unpacks itself into the folder smitRem.

2. Download Ewido, if you don't already have it:

http://www.spywarefri.dk/downloads1/ewido-setup.exe

Install and run Ewido. Update the program immediately after installation (but don't scan yet).


3. Restart in Safe Mode; if you don't know how, look here:

http://fromsej.dk/html/xpfejl.html


4. Open the smitRem folder and double-click RunThis.bat (follow the instructions in the window).

5. Run a full scan with Ewido. The program creates a small log, which you should copy in here.

6. Restart and post a fresh HijackThis log, along with the log from Ewido. Find smitfiles.txt via Start/Search. Copy this log in as well.

garfieldzx Beginner
11 December 2005 - 15:55 #3
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            15:18:08, 11-12-2005
+ Rapport-Checksum:        670D6FDB

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} -> Dialer.Generic : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} -> Dialer.Generic : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Spyware.BargainBuddy : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Renset med backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Renset med backup
    HKU\S-1-5-21-2781504589-1943663836-840360825-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} -> Dialer.Generic : Renset med backup
    HKU\S-1-5-21-2781504589-1943663836-840360825-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Renset med backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Renset med backup
    C:\dialler.exe111 -> Heuristic.Win32.Dialer : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@advertising[2].txt -> Spyware.Cookie.Advertising : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@atdmt[2].txt -> Spyware.Cookie.Atdmt : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Renset med backup
    C:\Documents and Settings\Alan Bay\Cookies\alan bay@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Jytte Bay\Cookies\jytte bay@banner.newyorkcasino[1].txt -> Spyware.Cookie.Newyorkcasino : Renset med backup
    C:\Documents and Settings\Jytte Bay\Cookies\jytte bay@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Renset med backup
    C:\Documents and Settings\Jytte Bay\Cookies\jytte bay@grandonline[1].txt -> Spyware.Cookie.Grandonline : Renset med backup
    C:\Documents and Settings\Jytte Bay\Cookies\jytte bay@newyorkcasino[1].txt -> Spyware.Cookie.Newyorkcasino : Renset med backup
    C:\Documents and Settings\Jytte Bay\Cookies\jytte bay@www.grandonline[1].txt -> Spyware.Cookie.Grandonline : Renset med backup
    C:\System Volume Information\_restore{1A5BB231-CCF8-48FF-8AD3-21401F791F13}\RP98\A0020488.dll -> Dialer.Generic : Renset med backup
    C:\System Volume Information\_restore{1A5BB231-CCF8-48FF-8AD3-21401F791F13}\RP99\A0020499.dll -> Dialer.Generic : Renset med backup
    C:\WINDOWS\p2esocks_1042.dll -> Trojan.Wintrim : Renset med backup
    C:\WINDOWS\system32\eg_auth_srv_1042.dll -> Trojan.Wintrim : Renset med backup
    C:\WINDOWS\system32\msclock32.dll -> Spyware.NaviPromo : Renset med backup
    C:\WINDOWS\system32\msplock32.dll -> Spyware.NaviPromo : Renset med backup
    C:\WINDOWS\system32\sysinetsvc32.dll -> Dialer.Generic : Renset med backup
    C:\WINDOWS\system32\sysnetsvc32.dll -> Dialer.Generic : Renset med backup


::Rapport slut



------------------------------------------------------------------------------------



  smitRem © log file
    version 2.8

    by noahdfear


Microsoft Windows XP [version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpyAxeFix © by noahdfear

spyaxe directory present

spyaxe uninstaller present

Starting spyaxe uninstaller

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

svchosts.dll
1024 dir
msvol.tlb
ncompat.tlb
nvctrl.exe
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 728 'explorer.exe'

Starting registry repairs

Deleting files


  Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

-------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 15:51:50, on 11-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Kontrolpanel\atiptaxx.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\soft602\pdfSaver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\programmer\mailskinner\mailskinner.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Alan Bay\Skrivebord\zx\11-12-2005\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Opasia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Programmer\Fælles filer\soft602\pdfSaver.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1071.dll,InstantAccess
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1044_EN_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1043_EN_XP.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

-------------------------------------------------------------------------------------

So those are all 3 log files.
fromsej (Trainee)
11 December 2005 - 16:20 #4
Some of it looks sensible, but there is one nasty one that I hope this can take care of.

Download Brute Force Uninstaller.
Unpack it to c:\BFU
http://castlecops.com/zx/Merijn/bfu.zip

Right-click this link and choose Save Target As, and save it in C:\BFU
http://metallica.geekstogo.com/EGDACCESS.bfu

Double-click BFU.exe

In "Scriptfile to execute", paste this:
c:\bfu\EGDACCESS.bfu
Click Execute and let the program run.

Click OK when it tells you it is finished, then click Exit.

Restart and post a fresh HijackThis log.
garfieldzx (Beginner)
11 December 2005 - 16:39 #5
Logfile of HijackThis v1.99.1
Scan saved at 16:38:57, on 11-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Kontrolpanel\atiptaxx.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\soft602\pdfSaver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\programmer\mailskinner\mailskinner.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Alan Bay\Skrivebord\zx\11-12-2005\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Opasia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Programmer\Fælles filer\soft602\pdfSaver.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1071.dll,InstantAccess
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1044_EN_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1043_EN_XP.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
fromsej (Trainee)
11 December 2005 - 16:50 #6
Oh, it didn't? Then we'll have to try manually.

Download this scanner and save it to the desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Read this guide through carefully.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1071.dll,InstantAccess
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1044_EN_XP.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1043_EN_XP.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab

---------------------------------------
Deleting \folders\ and files:
Open a folder and click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change file and folder search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
<None>
-------------------
Files:
EGDACCESS_1071.dll
Search for this as well and delete everything that is found:
EGDACCES*.*
---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, so say yes to that.
When it shows Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here every item under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.

Then click the green arrow over on the right side of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log, and copy the last part of the text in here, starting with:
Scan statistics.
---------------------------------------
Restart normally, then download and install Ad-aware if you don't already have it. Update it immediately after installation, before you run a scan with it. Remove everything it finds. The program and a user guide in Danish can be found here: http://www.spywarefri.dk/tipsogtricks.htm#adaware
Also follow the guide to extended scanning here:
http://www.spywarefri.dk/manualer/adaware-manual.htm
---------------------------
Restart normally and post a fresh HijackThis log.
garfieldzx (Beginner)
12 December 2005 - 17:39 #7
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 123138
Infected objects found: 17
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 5
Dialer programs found: 11
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 13
Objects renamed: 1
Objects moved: 0
Objects ignored: 0
Scan speed: 112 Kb/s
Scan time: 00:48:24
=============================================================================




Logfile of HijackThis v1.99.1
Scan saved at 17:38:20, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Kontrolpanel\atiptaxx.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\soft602\pdfSaver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\programmer\mailskinner\mailskinner.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ijrpwmuxhd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Alan Bay\Skrivebord\zx\12-12-2005\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Opasia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Programmer\Fælles filer\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [emjuqni] c:\windows\system32\emjuqni.exe -start
O4 - HKLM\..\Run: [ijrpwmuxhd] c:\windows\system32\ijrpwmuxhd.exe -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

------------------------------------------------------------------------------------------------
fromsej (Trainee)
12 December 2005 - 18:30 #8
Well, it's moving forward.

Fix with HijackThis:
O4 - HKLM\..\Run: [emjuqni] c:\windows\system32\emjuqni.exe -start
O4 - HKLM\..\Run: [ijrpwmuxhd] c:\windows\system32\ijrpwmuxhd.exe -start

Restart in safe mode and delete:
c:\windows\system32\emjuqni.exe
c:\windows\system32\ijrpwmuxhd.exe

Restart normally and upload this file to Jotti: http://virusscan.jotti.org/
C:\WINDOWS\system32\winlogon.exe
Post the result, and a fresh HijackThis log.
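
Added example (not part of the original thread, and not a HijackThis feature): comparing two successive HijackThis logs mechanically shows which entries appeared or disappeared between scans, which is how the two new O4 Run entries in the log from post #7 stand out. The function names are this example's own, and the two sample logs are short excerpts of the logs posted in #5 and #7.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4", "O16", "R1"
    detail: str   # everything after "<section> - "


# Entry lines look like "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" list do not match and are skipped.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Registry autostart form of an O4 entry: hive, key, value name, command line.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)


def parse_entries(log_text):
    """Return the set of section entries found in one HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.add(Entry(match["section"], match["detail"]))
    return entries


def diff_logs(before, after):
    """Return (added, removed) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(new - old), sorted(old - new)


def new_autostarts(before, after):
    """Return (hive, value name, command) for O4 registry entries new in `after`."""
    added, _ = diff_logs(before, after)
    result = []
    for entry in added:
        if entry.section != "O4":
            continue
        match = RUN_RE.match(entry.detail)
        if match:
            result.append((match["hive"], match["name"], match["command"]))
    return result


# Excerpt of the log in post #5 (11-12-2005, 16:38:57).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1071.dll,InstantAccess
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O15 - Trusted Zone: http://*.tv2.dk
"""

# Excerpt of the log in post #7 (12-12-2005, 17:38:20).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ijrpwmuxhd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [emjuqni] c:\windows\system32\emjuqni.exe -start
O4 - HKLM\..\Run: [ijrpwmuxhd] c:\windows\system32\ijrpwmuxhd.exe -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.tv2.dk
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for entry in added:
        print("ADDED  ", entry.section, "-", entry.detail)
    for entry in removed:
        print("REMOVED", entry.section, "-", entry.detail)
    for hive, name, command in new_autostarts(BEFORE, AFTER):
        print("new autostart:", hive, name, "->", command)
```

An entry showing up as added right after a cleanup pass is a candidate for review, not proof of infection; legitimate installers also add Run values.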
garfieldzx (Beginner)
13 December 2005 - 15:28 #9
Logfile of HijackThis v1.99.1
Scan saved at 15:04:54, on 13-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Kontrolpanel\atiptaxx.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\soft602\pdfSaver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\programmer\mailskinner\mailskinner.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Alan Bay\Skrivebord\zx\13-12-2005\next\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Opasia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Programmer\Fælles filer\soft602\pdfSaver.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



You write:
Restart in safe mode and delete:
c:\windows\system32\emjuqni.exe
c:\windows\system32\ijrpwmuxhd.exe

Neither of those files exists, but there are some named:

emjuqni.dat
emjuqni_nav.dat
emjuqni_navps.dat
fromsej (Trainee)
13 December 2005 - 17:04 #10
Delete those three.

Your log is then clean; we don't need to see any more.
You should disable System Restore, restart and re-enable it, and set file display back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean you can take a look at our package for the purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards,
Fromsej/Team Spywarefri.
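An added example, not part of the original thread: a small Python check that the two O4 autorun entries fixed in post #8 no longer appear in a follow-up HijackThis log, and that lists entries HijackThis marked "(file missing)". The function names are illustrative, and the follow-up log is a constructed excerpt assembled from lines in post #9.

```python
import re

# HijackThis entry lines: "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Body of an O4 registry autorun entry: "<key>: [value name] command line".
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.*)$")

def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def run_entries(log_text):
    """Map lower-cased autorun value name -> (registry key, command) for O4 entries."""
    found = {}
    for code, body in parse_entries(log_text):
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            found[m.group(2).lower()] = (m.group(1), m.group(3))
    return found

def verify_fix(fixed_lines, followup_log):
    """Return the value names of fixed O4 entries still present in the follow-up log."""
    wanted = run_entries("\n".join(fixed_lines))
    present = run_entries(followup_log)
    return sorted(name for name in wanted if name in present)

def missing_file_entries(log_text):
    """Entries that HijackThis annotated with '(file missing)'."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith("(file missing)")]

# The two lines fixed in post #8, copied from the thread.
FIXED = [
    r"O4 - HKLM\..\Run: [emjuqni] c:\windows\system32\emjuqni.exe -start",
    r"O4 - HKLM\..\Run: [ijrpwmuxhd] c:\windows\system32\ijrpwmuxhd.exe -start",
]
# Constructed excerpt of a follow-up log, assembled from lines in post #9.
FOLLOWUP = "\n".join([
    "Logfile of HijackThis v1.99.1",
    "Running processes:",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - '
    r'"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
])

if __name__ == "__main__":
    print("fixed entries still present:", verify_fix(FIXED, FOLLOWUP))
    print("file missing:", missing_file_entries(FOLLOWUP))
```

The log only covers autorun and browser hooks, so leftover files on disk, such as the three .dat files found in post #9, still have to be checked by hand.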
garfieldzx (Beginner)
13 December 2005 - 17:15 #11
Thank you very much. I have been sitting with your lovely help and fixed that PC via remote support (the safe mode part he had to handle himself *G*). I just want to ask whether you would check my HijackThis log; there shouldn't be any problems, but it's always nice to have it looked over once in a while, hehe
fromsej (Trainee)
13 December 2005 - 17:19 #12
You're welcome.*S*
Remote support, phew, that is quite a task.

Just drop the log in here, and I'll take a look in 357 Spywarefri mails.*S*
garfieldzx (Beginner)
13 December 2005 - 17:22 #13
Yes, remote support is rather a hassle, but the guy you helped is happy about your help, as well as mine for doing the things you wrote, hehe :)

Here comes my log.


Logfile of HijackThis v1.99.1
Scan saved at 17:20:38, on 13-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HyperSnap-DX 5\HprSnap5.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Progz\Spyware\crap\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HyperSnap-DX 5.lnk = C:\Program Files\HyperSnap-DX 5\HprSnap5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120034157511
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
13 December 2005 - 18:02 #14
<fromsej>: GoSub http://exp.dk/spm/671873 [SpyAxe] specialist !!!
fromsej (Trainee)
13 December 2005 - 20:51 #15
Apart from Messengerplus, which is sponsored by one of the world's very worst spyware producers, and therefore in my eyes ought to be eradicated completely, your log is fine and clean.*S*

dr1 >> Looking.
13 December 2005 - 20:57 #16
<garfieldzx>: Divided opinions on [MessengerPlus3] -> http://www.eksperten.dk/spm/528544
garfieldzx (Beginner)
17 December 2005 - 16:03 #17
fromsej,

Are you still here?

I ran the 2 programs you wrote: (smitRem and Ewido)

on my own system, which had nothing wrong with it; I thought it couldn't do any harm, but it could :(
My desktop looks like Win98, though I have changed it back to the normal XP theme myself. One more thing: I have to press Ctrl + Alt + Delete before I can type my password to log on to Windows. My Internet Explorer takes about 45 MIN to open a page, so I have installed a new browser (Firefox), and I have not been able to get on MSN since... (the MSN error code is 80048820). I have searched for it and done what I was supposed to, and also installed MSN again... it didn't work...
garfieldzx (Beginner)
17 December 2005 - 17:34 #18
Weeeeee, found the answer myself, though by reading through maaaaaaany posts in here :D

http://www.msnfanatic.com/articles/solving-error-80048820-444.html?8e732ed214942613adfd4e37e83d2e29=019dde4a83506649143cf30a5a6e7c03

There I saw the solution to the MSN problem; the rest is still a bit of a mystery to me, but fuck it, I can use my MSN now, and I have a browser that works ;)
fromsej (Trainee)
17 December 2005 - 17:53 #19
Yes, I am still here.
Download this file, unpack it and double-click iereg.bat:
http://www.fbeej.ctrlaltdel.dk/Programmer/iereg.zip

Try right-clicking the taskbar, choose Properties, the "Start Menu" tab, and check that the selection is not on Classic.