Søg
Avatar billede dram_lagavulin Nybegynder
07. januar 2006 - 15:29 Der er 6 kommentarer og
1 løsning

Spyware Malware ? Logfil fra - HijackThis

Udfordring til til expertens experter:

Er der en behjærtet sjæl der kan hjælpe mig. Min PC er vist ramnt af noget klisteret stas, som jeg har prøvet at fjerne med næsten alt. Det seneste der er sket er, at min internetbrowser (IE) bl.a. ikke kan åbne google og min hotmail :-(

Jeg har fulgt vejledningen på:
http://eksperten.dk/artikler/755

og fået nedenstående log's

På forhånd tak for hjælpen.

Nederste del af drweb32w.log:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 125139
Infected objects found: 46
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 7
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 46
Objects renamed: 7
Objects moved: 0
Objects ignored: 0
Scan speed: 302 Kb/s
Scan time: 01:25:15
-----------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            13:58:53, 07-01-2006
+ Rapport-Checksum:        4EEB348

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{59935BC1-5F4B-96F1-F3B6-C6B36821D102} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{8D1DF6CE-07E4-C211-83F6-537E054EDC98} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{F6802757-10AB-DBC8-719A-C48394D31082} -> Spyware.CoolWebSearch : Renset med backup
    C:\Documents and Settings\Asger\Cookies\asger@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Asger\Cookies\asger@adbrite[1].txt -> Spyware.Cookie.Adbrite : Renset med backup
    C:\Documents and Settings\Asger\Cookies\asger@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@112.2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@statcounter[1].txt -> Spyware.Cookie.Statcounter : Renset med backup
    C:\Documents and Settings\Bo\Cookies\bo@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Renset med backup
    C:\Documents and Settings\Ida\Cookies\ida@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Ida\Cookies\ida@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Ida\Cookies\ida@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Rikke\Cookies\rikke@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Rikke\Cookies\rikke@adbrite[1].txt -> Spyware.Cookie.Adbrite : Renset med backup
    C:\Documents and Settings\Rikke\Cookies\rikke@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Rikke\Cookies\rikke@www.adbrite[1].txt -> Spyware.Cookie.Adbrite : Renset med backup
    C:\Documents and Settings\Rikke\Cookies\rikke@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Renset med backup


::Rapport slut


************************************************************
************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 14:14:25, on 07-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\nokia\PC-suita-v_6.41\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Fra%20Gammel%20Computer/Dokumenter/Startsiden.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpppta] c:\programmer\hp\ScanJet\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\nokia\PC-suita-v_6.41\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O18 - Protocol: bw+0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6EE80723-59CF-4899-8F4A-CC40B01074CC} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Avatar billede arlet Juniormester
07. januar 2006 - 15:31 #1
kigger på den
Avatar billede arlet Juniormester
07. januar 2006 - 15:35 #2
De 2 scannere har gjort et stort arbejde, så der er kun rester tilbage

Du skal nu til at i gang med at fixe:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Fra%20Gammel%20Computer/Dokumenter/Startsiden.htm(har du selv lavet denne startside, ellers skal den også fixes)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

O18 - Protocol: bw <- ALLE


Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

Genstart og ny hijackthis log
Avatar billede dram_lagavulin Nybegynder
07. januar 2006 - 16:08 #3
Her den nye log

mvh Bo


Logfile of HijackThis v1.99.1
Scan saved at 16:00:56, on 07-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\nokia\PC-suita-v_6.41\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\explorer.exe
C:\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Fra%20Gammel%20Computer/Dokumenter/Startsiden.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpppta] c:\programmer\hp\ScanJet\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\nokia\PC-suita-v_6.41\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Avatar billede arlet Juniormester
07. januar 2006 - 16:11 #4
Hent Ccleaner: http://www.ccleaner.com/ccdownload.asp
Installer programmet, men lad vær med at køre det endnu!
Husk at vælge dansk ved installationen.

Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)

Nu skal du køre CCleaner, som du hentede tidligere.
Tryk så på "Renser" i menuen i venstre side.
Under windows fanebladet skal du fjerne hakket i cookies
Nu skal du trykke på knappen "Kør Cleaner" - det gør du mindst 2 gange.
Tryk så på "Problemer" i menuen i venstre side.
Nu skal du trykke på knappen "Skan efter problemer" og efter at den er færdig med skanne på "Udbedre valgte problemer.." Sig ja til at gemme en backup og tryk dernæst på "Udbedre alle valgte problemer" - det gør du mindst 2 gange.
Luk programmet.

Har det løst dit problem??
Avatar billede dram_lagavulin Nybegynder
07. januar 2006 - 17:21 #5
Ccleaner fandt en del der blev "rettet". Og jeg får ikke længere "alarmer" mm. Men....Jeg kan stadige ikke komme ind på google.dk eller google.com oj jeg kan ikke logge på min hotmail ??? Om det så ikke længere har noget med spyware / malware problemet ved jeg ikke men det tror jeg..?? Kan du hjælpe ?

Mvh Bo
Avatar billede fromsej Praktikant
07. januar 2006 - 18:45 #6
Prøv lige dette værktøj:
http://www.symantec.com/avcenter/FixQhost.exe
Avatar billede dram_lagavulin Nybegynder
07. januar 2006 - 20:13 #7
Det hjalp desværre heller ikke.... Der er stadig sider på nettet jeg ikke kan komme ind på..og det gælder stadig google og min Hotmail-konto

Bo
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 17:35 Kan ikke resette PC med Windows 8.1 Af TTA i Office & Kontorpakker
I går 13:33 Lukning af Microsoftkonto Af ErikHg i Windows
23/0416:10 Bat file. Af johnnylassen i Andet programmering
23/0410:28 “Signe” Svindel omtalt i medier Af nu_igen i Mobiltelefoner
22/0420:59 RAID controller virker ikke ved tilslutning af alle 4 harddiske Af Strawberry i Andet hardware
White papers
Flere white papers »