dbjsmed Beginner
29 December 2005 - 10:41 There are 7 comments and 3 solutions

HijackThis log file, if anyone can check this. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:33:26, on 29-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\twain_32\A4S2_600\watch.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\4HOVW3CN\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/pavilion/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp72C9.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wiyyqo.exe reg_run
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_600\watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/home
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098980804325
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
arlet Junior Master
29 December 2005 - 10:42 #1
Checking it now
dbjsmed Beginner
29 December 2005 - 10:44 #2
That was quick.. thanks
arlet Junior Master
29 December 2005 - 10:51 #3
Download and double-click smitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
The program unpacks itself to the folder smitRem.

Download CCleaner: http://www.ccleaner.com/ccdownload.asp
Install the program, but don't run it yet!
Remember to choose Danish during the installation.

Download Ewido: http://www.ewido.net/en/download/
Click Download now. Install and run Ewido. Update the program immediately after the installation (but don't scan yet).

-----

Restart the computer in safe mode (you need to press the F8 key during the restart (roughly right after the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)

-----

Open the smitRem folder and double-click RunThis.bat (follow the instructions in the window).

Now run CCleaner, which you downloaded earlier.
Then click "Renser" (Cleaner) in the menu on the left side.
Under the Windows tab, remove the check mark from cookies.
Now press the "Kør Cleaner" (Run Cleaner) button - do this at least 2 times.
Then click "Problemer" (Issues) in the menu on the left side.
Now press the "Skan efter problemer" (Scan for Issues) button, and when it has finished scanning, press "Udbedre valgte problemer.." (Fix selected issues..). Say yes to saving a backup and then press "Udbedre alle valgte problemer" (Fix All Selected Issues) - do this at least 2 times.
Close the program.

Now run a full scan with Ewido. When it is finished, press save report and save the report.

Restart normally, and run a scan with Panda:
http://www.arlet.dk/panda.htm

Click Start->Kontrolpanel->Skærm->Skrivebord->Tilpas Skrivebordet->Web (Start->Control Panel->Display->Desktop->Customize Desktop->Web) and remove the check marks from Security Info and View my Active desktop as a web page (these may not exist).

Restart and come back with a fresh HijackThis log, as well as the log from Ewido. Find smitfiles.txt via Start/Søg (Start/Search). Copy that log in as well.
dbjsmed Beginner
30 December 2005 - 11:06 #4
Sorry for the long wait

Okay, here is the new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:59:03, on 30-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\twain_32\A4S2_600\watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Documents and Settings\Ejer\Dokumenter\prog\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/pavilion/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_600\watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/home
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098980804325
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

and then smitfiles


  smitRem © log file
    version 2.8

    by noahdfear


Microsoft Windows XP [version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 768 'explorer.exe'
Killing PID 768 'explorer.exe'

Starting registry repairs

Deleting files


  Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

Then Ewido

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            12:21:30, 29-12-2005
+ Rapport-Checksum:        BD521EAF

+ Scanningsresultat:
    [236] C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@cz9.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@data1.perf.overture[1].txt -> Spyware.Cookie.Overture : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@e-2dj6wjliepajklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    C:\Documents and Settings\Ejer\Cookies\ejer@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\a.exe -> Downloader.Harnig.ax : Renset med backup
    C:\Programmer\iolo\System Mechanic 5\Undo\Manual\{DADA2189-71D9-4CD0-8824-8E40E7E64490}\{1F617B45-53A0-4FB9-AC64-BEA3D74CA8B4}.tmp/{1F617B45-53A0-4FB9-AC64-BEA3D74CA8B4}.tmp -> Downloader.CWS.r : Fejl under renselse
    C:\Programmer\iolo\System Mechanic 5\Undo\Manual\{DADA2189-71D9-4CD0-8824-8E40E7E64490}\{95618881-7A48-4D3C-9D27-7014BB403525}.tmp/{95618881-7A48-4D3C-9D27-7014BB403525}.tmp -> Downloader.CWS.r : Fejl under renselse
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039057.exe -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039061.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039062.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039063.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039071.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039072.exe -> Trojan.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039073.exe -> Trojan.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039074.exe -> Trojan.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039075.exe -> Trojan.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039078.exe -> Downloader.Tiny.al : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039079.dll -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039080.cpl -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP253\A0039087.exe -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP254\A0039093.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP254\A0039094.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039104.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039105.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039106.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039159.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039160.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039161.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039174.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039175.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP255\A0039176.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP257\A0039230.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP257\A0039231.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP257\A0039232.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039284.EXE -> Not-A-Virus.Hoax.Win32.Renos.aj : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039307.dll -> Adware.SpySheriff : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039309.DLL -> Spyware.SpywareNo : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039310.dll -> Adware.SpySheriff : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039311.EXE -> Adware.SpySheriff : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039325.CPL -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039341.EXE -> Downloader.Qoologic.at : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039407.exe -> Adware.CommAd : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039408.EXE -> Hijacker.StartPage.aw : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039409.EXE -> Downloader.Small.buy : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039410.EXE -> Downloader.TSUpdate.o : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039601.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039602.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP258\A0039603.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039709.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039710.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039711.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039748.exe -> Downloader.Zlob.dk : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039749.exe -> Downloader.Zlob.dl : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039831.exe -> Trojan.Pakes : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039832.dll -> Downloader.Qoologic.az : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039833.dll -> Downloader.Small : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039842.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039843.exe -> Downloader.Adload.l : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039844.exe -> Downloader.Adload.l : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039845.exe -> Dropper.Agent.aed : Renset med backup
    C:\System Volume Information\_restore{5639B98F-D4BC-45D8-93E9-EB0CBBBC45D9}\RP259\A0039847.exe -> Downloader.Adload.j : Renset med backup
    C:\WINDOWS\system32\eoqqsuo.dll -> Downloader.Qoologic.az : Renset med backup
    C:\WINDOWS\system32\feggq.dll -> Downloader.Small : Renset med backup
    C:\WINDOWS\system32\fskkvbs.exe -> Trojan.Pakes : Renset med backup
    C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Renset med backup
    C:\WINDOWS\system32\wiyyqo.exe -> Downloader.Qoologic.at : Renset med backup


::Rapport slut

and finally Panda


Incident                        Status           Location

Adware:adware/favoriteman       Not desinfected  C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
Adware:adware/securityerror     Not desinfected  C:\Documents and Settings\Ejer\Foretrukne\Antivirus Test Online.url
Adware:adware/tvmedia           Not desinfected  C:\Documents and Settings\Ejer\Application Data\tvmknwrd.dll
Adware:adware/dollarrevenue     Not desinfected  C:\WINDOWS\drsmartload.dat
Adware:adware/cws.searchmeup    Not desinfected  C:\WINDOWS\kl.exe
Adware:adware/secure32          Not desinfected  C:\WINDOWS\secure32.html
Adware:adware/popupsandbanners  Not desinfected  C:\WINDOWS\timessquare1.dat
Adware:adware/windowenhancer    Not desinfected  C:\WINDOWS\SYSTEM32\SBUtils
Virus:Exploit/ByteVerify        Disinfected      C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-e736495-38fcdd7d.zip[Matrix.class]
Virus:Exploit/ByteVerify        Disinfected      C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-e736495-38fcdd7d.zip[Dummy.class]
Virus:Trj/Spabot.Y              Disinfected      C:\Programmer\iolo\System Mechanic 5\Undo\Manual\{DADA2189-71D9-4CD0-8824-8E40E7E64490}\{CC432A7E-C13C-4074-B67F-D63E328D75AD}.tmp[{CC432A7E-C13C-4074-B67F-D63E328D75AD}.tmp]
Adware:Adware/NetPals           Not desinfected  C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Hope that gives a clear picture.
arlet (Junior Master)
30 December 2005 - 16:45 #5
Fix these with HijackThis:
R3 - Default URLSearchHook is missing

O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)

Restart, and then a new HijackThis log.
dbjsmed (Beginner)
30 December 2005 - 18:10 #6
Logfile of HijackThis v1.99.1
Scan saved at 18:09:34, on 30-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\twain_32\A4S2_600\watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\prog\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/pavilion/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_600\watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/home
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098980804325
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
arlet (Junior Master)
30 December 2005 - 18:14 #7
Oops, I had overlooked one..

This one needs to be fixed in HijackThis:
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)

Restart, and if it is gone, I don't need to see a new HijackThis log; then the log is clean..
30 December 2005 - 23:51 #8
<arlet>: GoSub http://exp.dk/spm/670581 ???
arlet (Junior Master)
7 January 2006 - 23:04 #9
Do you need more help, or has your question been answered? If so, remember to close your question properly by marking a name in the box on the left and pressing accept..
dbjsmed (Beginner)
19 January 2006 - 10:45 #10
Thanks a lot for the help...