Hej igen, så er jeg tilsyneladende virus fri. Maskinen melder ihevrtfald ikke om mere ved opstart.
Her er de logs:
Log fra Dr. Web:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 212530
Infected objects found: 5
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 4
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 4
Objects renamed: 5
Objects moved: 0
Objects ignored: 0
Scan speed: 277 Kb/s
Scan time: 03:03:13
**********
Report fra Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 07:22:58, 04-01-2006
+ Report-Checksum: 8FE5F88D
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Spyware.BroadCastPC : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-3989985821-3440388690-2464169887-1007\Software\salm -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Amalie\Cookies\amalie@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Amalie\Cookies\amalie@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Amalie\Cookies\amalie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Amalie\Cookies\amalie@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amalie\Cookies\amalie@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@217.73.66[2].txt -> Spyware.Cookie.217.73.66.16 : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Casper\Cookies\casper@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Charlotte\Cookies\charlotte@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ejer\Cookies\ejer@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Ejer\Cookies\ejer@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ejer\Lokale indstillinger\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@ehg-shoes.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Gustav\Cookies\gustav@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rikke\Cookies\rikke@
www.pink.com.19249.fb.dbbsrv[2].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Programmer\SearchRelevant\SearchRelevant.#ll -> Spyware.Relevance : Cleaned with backup
C:\WINDOWS\system32\biT.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\system32\biT.exe/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\biT.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\system32\biT.exe/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\BO2804040128.#xe -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\in9bTs.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\msbb321.#ll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mscornet.exe -> Downloader.Zlob.bv : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
::Report End
***********************
Hijackthis log efter de 2 scaninger:
Logfile of HijackThis v1.99.1
Scan saved at 07:30:06, on 04-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ejer\Skrivebord\Hentet fra internettet\Hijackthis\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gmail.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmer\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [Stone's TimeTool] C:\Documents and Settings\Ejer\Skrivebord\Henriks programmer og dokumenter\TimeTool\TimeTool.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programmer\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &MSN Search -
res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English -
res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.htmlO8 - Extra context menu item: Åbn på ny baggrundsfane -
res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?820aaf8ac6ac4f92b15354fd5a39ca2c
O8 - Extra context menu item: Åbn på ny forgrundsfane -
res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?820aaf8ac6ac4f92b15354fd5a39ca2c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) -
http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cabO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dllO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup155.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
/hense
