tue_nielsen Beginner
24 January 2006 - 13:09 There are 5 comments and
3 solutions

Log from HijackThis - problems with SpySheriff

Can anyone help me with these log files?
I have pasted in output from HijackThis, drweb and ewido.
Regards, Tue Nielsen

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 81742
Infected objects found: 194
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 197
Objects moved: 0
Objects ignored: 0
Scan speed: 1415 Kb/s
Scan time: 00:41:35
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 81861
Infected objects found: 202
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 4
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 6
Objects renamed: 200
Objects moved: 0
Objects ignored: 0
Scan speed: 1419 Kb/s
Scan time: 00:42:04
=============================================================================


Logfile of HijackThis v1.99.1
Scan saved at 12:33:13, on 24-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Norton Internet Security\NISSERV.EXE
C:\Programmer\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmer\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Programmer\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Programmer\Sierra Imaging\Image Expert\IXApplet.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tue Nielsen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Tue%20Nielsen/Dokumenter/FrontPage%20Webs/Content/startsidde/Hele.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Programmer\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iamapp] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ChkMail] x@9
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Norton Internet Security.lnk = C:\Programmer\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://frbsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://frbsrv02.udd.sembsc.dk/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://rossemsrv02.udd.sembsc.dk/iNotes6.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} (SAXFileEE ActiveX Control) - http://www.fotomail.dk/upload/SAXFileEE.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.fotomail.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

-------------------------------
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            12:11:13, 24-01-2006
+ Rapport-Checksum:        45285473

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Renset uden backup
    HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Renset uden backup
    HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Renset uden backup
    HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Renset uden backup
    HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Renset uden backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SNO2 -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\IE Security -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\IE Security\BlockedLocations -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Process Security -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Process Security\Policies -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Process Security\Policies\Allowed -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Process Security\Policies\Restricted -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Scan -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\System Security -> Adware.SpySheriff : Renset uden backup
    HKU\S-1-5-21-4060630162-3115765523-3061185888-1005\Software\SpySheriff\Updates -> Adware.SpySheriff : Renset uden backup
    [632] C:\WINDOWS\system32\msupdate32.dll -> Backdoor.Delf.ald : Fejl under renselse
    C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost : Renset uden backup
    C:\WINDOWS\system32\vxgame6.#xe -> Trojan.Small : Renset uden backup
    C:\WINDOWS\system32\qvxgamet2.exe -> Downloader.Small.aux : Renset uden backup
    C:\WINDOWS\system32\vxh8jkdq1.exe -> Downloader.Small.aqu : Renset uden backup
    C:\WINDOWS\system32\vxh8jkdq2.#xe -> Not-A-Virus.Hoax.Win32.Renos.av : Renset uden backup
    C:\WINDOWS\system32\vxh8jkdq5.#xe -> Downloader.Small.awa : Renset uden backup
    C:\WINDOWS\system32\vxh8jkdq6.#xe -> Downloader.Small.cfx : Renset uden backup
    C:\WINDOWS\system32\vxh8jkdq7.#xe -> Downloader.Tibs.bu : Renset uden backup
    C:\WINDOWS\system32\maxd64.#xe -> Trojan.Dialer.ay : Renset uden backup
    C:\WINDOWS\system32\msupdate32.#ll -> Backdoor.Delf.ald : Renset uden backup
    C:\WINDOWS\system32\mspostsp.#xe -> Trojan.Inject.i : Renset uden backup
    C:\WINDOWS\system32\paradise.raw.#xe -> Trojan.Small : Renset uden backup
    C:\WINDOWS\system32\symsvcs0.#xe -> Trojan.Small : Renset uden backup
    C:\WINDOWS\system32\msvcrl.#ll -> Worm.Locksky.p : Renset uden backup
    C:\WINDOWS\system32\sachostp.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\WINDOWS\system32\~update.#xe -> Trojan.Small : Renset uden backup
    C:\WINDOWS\system32\sachostw.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\WINDOWS\system32\sachostc.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\WINDOWS\system32\sachosts.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\WINDOWS\system32\sachostm.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\WINDOWS\system32\htproc32.#ll -> Trojan.Lineage.sk : Renset uden backup
    C:\WINDOWS\system32\vxgamet1.#xe -> Downloader.Small.cds : Renset uden backup
    C:\WINDOWS\system32\vxgame1.#xe -> Worm.Locksky.z : Renset uden backup
    C:\WINDOWS\system32\vxgame2.#xe -> Trojan.Dialer.u : Renset uden backup
    C:\WINDOWS\system32\vxgamet3.#xe -> Dropper.Agent.abu : Renset uden backup
    C:\WINDOWS\system32\vxgame3.#xe -> Downloader.CWS.r : Renset uden backup
    C:\WINDOWS\system32\vxgamet4.#xe -> Downloader.Small.bpz : Renset uden backup
    C:\WINDOWS\system32\vxgame4.#xe -> Dropper.Agent.afj : Renset uden backup
    C:\WINDOWS\system\svchost.exe -> Backdoor.Small.jo : Renset uden backup
    C:\WINDOWS\system\svwhost.exe -> Trojan.Agent.nw : Renset uden backup
    C:\WINDOWS\system\svchost.dll -> Backdoor.Small.jo : Renset uden backup
    C:\WINDOWS\system\svwhost.dll -> Trojan.Agent.nw : Renset uden backup
    C:\WINDOWS\inet20004\3.00.130.#ll -> Spyware.Ihbo : Renset uden backup
    C:\WINDOWS\inet20004\alg.exe.#ak -> Worm.Delf.i : Renset uden backup
    C:\WINDOWS\inet20004\alg.#xe -> Worm.Delf.i : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\install.#xe -> Backdoor.Robobot.an : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\arun.exe -> Trojan.Zapchast : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\sd32a.#xe -> Worm.AllocUp.a : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\sd32c.#xe -> Backdoor.Robobot.am : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\dmx65.#mp -> Dropper.Agent.abu : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\dmx61.#mp -> Worm.Locksky.ab : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\1.qtdfmp -> Downloader.Small.aqu : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\2.#tdfmp -> Not-A-Virus.Hoax.Win32.Renos.av : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\5.#tdfmp -> Downloader.Small.awa : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\6.#tdfmp -> Downloader.Small.cfx : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\7.#tdfmp -> Downloader.Tibs.bu : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vx1.#ame -> Worm.Locksky.z : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\maxdd.#ame -> Trojan.Dialer.ay : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vxt1.#ame -> Downloader.Small.cds : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\qvxt2.game -> Downloader.Small.aux : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vx3.#ame -> Downloader.CWS.r : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vx2.#ame -> Trojan.Dialer.u : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vx6.#ame -> Trojan.Small : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vxt3.#ame -> Dropper.Agent.abu : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vxt4.#ame -> Downloader.Small.bpz : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temp\vx4.#ame -> Dropper.Agent.afj : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\Y9345KRM\zgame4[1].#xe -> Dropper.Agent.afj : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\YD0JMHM5\latest[1].#xe -> Trojan.Small : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\525CH7MJ\xpl[1].wmf -> Exploit.MS05-053-WMF : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WLAJ4H6F\lat[1].#aw -> Trojan.Small : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GXKH67GH\r42[1].exe -> Backdoor.Small.jo : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\8P6NO5QJ\paradise[1].#aw -> Trojan.Small : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\TB7395WE\new[1].#tm -> Downloader.Agent.i : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Menuen Start\Programmer\SpySheriff -> Spyware.SpySheriff : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Menuen Start\Programmer\SpySheriff\SpySheriff.lnk -> Spyware.SpySheriff : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Skrivebord\s.exe -> Trojan.Agent.nw : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Skrivebord\temp.#ak -> Worm.Locksky.ab : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@adtech[1].txt -> Spyware.Cookie.Adtech : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@com[2].txt -> Spyware.Cookie.Com : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@sonycorporate.122.2o7[1].txt -> Spyware.Cookie.2o7 : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\Cookies\tue nielsen@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\temp.#ak -> Worm.Locksky.ab : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\u.exe -> Trojan.Agent.nw : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\k.exe -> Trojan.Agent.nw : Renset uden backup
    C:\Documents and Settings\Tue Nielsen\a.exe -> Trojan.Agent.nw : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\install.#xe -> Backdoor.Robobot.ap : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\sd32c.#xe -> Backdoor.Robobot.ag : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vxt1.#ame -> Downloader.Small.cds : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vx1.#ame -> Worm.Locksky.z : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vxt3.#ame -> Dropper.Agent.abu : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vxt4.#ame -> Downloader.Small.bpz : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vx2.#ame -> Trojan.Dialer.u : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vx3.#ame -> Downloader.CWS.r : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vx4.#ame -> Dropper.Agent.afj : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\vx6.#ame -> Trojan.Small : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\qvxt2.#ame -> Trojan.Lineage.sk : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Lokale indstillinger\Temp\qvxt4.game -> Downloader.Small.aqu : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Cookies\elsebet mie@commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\Cookies\elsebet mie@com[2].txt -> Spyware.Cookie.Com : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\temp.#ak -> Worm.Locksky.ab : Renset uden backup
    C:\Documents and Settings\Elsebet Mie\i.exe -> Trojan.Agent.nw : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071243.#ll -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071249.#xe -> Worm.Delf.i : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071251.dll -> Trojan.Agent.nw : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071252.#ll -> Backdoor.Small.jo : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071253.#ll -> Worm.Locksky.p : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071255.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071259.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071260.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071261.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071262.#xe -> Downloader.Small.cds : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071264.#xe -> Dropper.Agent.abu : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071265.#xe -> Downloader.Small.bpz : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071266.#xe -> Trojan.Inject.i : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071267.#xe -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071268.#xe -> Trojan.Dialer.u : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071270.exe -> Downloader.Small.aqu : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071272.#xe -> Downloader.CWS.r : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071273.#xe -> Dropper.Agent.afj : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071274.#xe -> Backdoor.Small.jo : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP269\A0071275.#xe -> Trojan.Small : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP270\snapshot\MFEX-1.#AT -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP271\snapshot\MFEX-1.#AT -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\snapshot\MFEX-1.#AT -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0072908.#xe -> Worm.Locksky.z : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071432.#ll -> Trojan.Lineage.sk : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071442.#ll -> Backdoor.Small.jo : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071443.dll -> Trojan.Agent.nw : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071445.#xe -> Worm.Delf.i : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071447.#ll -> Worm.Locksky.p : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071448.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071453.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071454.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071455.#xe -> Downloader.Small.cds : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071457.#xe -> Worm.Locksky.ab : Renset uden backup
    C:\System Volume Information\_restore{BF2C56D7-96FA-4F4C-A145-15D2CCAC45C9}\RP272\A0071458.#xe -> Dropper.Agent.abu : Renset uden backup


::Rapport slut
arlet Junior Master
24 January 2006 - 13:11 #1
Looking
arlet Junior Master
24 January 2006 - 13:11 #2
Download and double-click smitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
The program unpacks itself into the folder smitRem.

Restart the computer in safe mode (press the F8 key during the restart, roughly right when the RAM has been counted, and then choose safe mode. If in doubt, just press F8 several times.)

Open the smitRem folder and double-click RunThis.bat (follow the instructions in the window).

Find smitfiles.txt via Start/Search. Copy that log in here together with a new HijackThis log.
tue_nielsen Beginner
24 January 2006 - 13:40 #3
OK. That's done.

smitRem © log file
    version 2.8

    by noahdfear


Microsoft Windows XP [version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

svcp.csv
winsub.xml
zlbw.dll
zlbw.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 776 'explorer.exe'

Starting registry repairs

Deleting files


  Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)



------

Logfile of HijackThis v1.99.1
Scan saved at 13:30:47, on 24-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tue Nielsen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Tue%20Nielsen/Dokumenter/FrontPage%20Webs/Content/startsidde/Hele.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Programmer\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iamapp] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ChkMail] x@9
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Norton Internet Security.lnk = C:\Programmer\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://frbsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://frbsrv02.udd.sembsc.dk/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://rossemsrv02.udd.sembsc.dk/iNotes6.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} (SAXFileEE ActiveX Control) - http://www.fotomail.dk/upload/SAXFileEE.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.fotomail.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
arlet Junior Master
24 January 2006 - 13:45 #4
-------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".
(Once you have been declared clean again, remember to set these options back.)

--------------------------------------------------------------------

You now need to start fixing:
Run HijackThis, scan, check the line(s) listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe

O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)


Find and delete this/these manually:
C:\WINDOWS\system\svhost.exe

Download this batch file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.



Restart and post a new HijackThis log
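The triage behind the fix list above, as an added example that is not part of the original post or of HijackThis: it flags Run entries whose file name imitates a core Windows process and Winlogon Notify entries whose DLL is missing, then checks from a follow-up log that the fixed entries are gone. The log lines are copied from the logs in this thread; the list of core process names and the edit-distance threshold of 2 are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption (not from the thread): a few core Windows XP processes and the
# folder each one normally lives in.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Entries copied from the HijackThis logs posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
EXE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat))', re.I)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def entries(log):
    """Return the log's entry lines (R0, O4, O20, ...), headers skipped."""
    return [s for s in (l.strip() for l in log.splitlines()) if ENTRY.match(s)]


def review(log):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in entries(log):
        section, body = ENTRY.match(line).groups()
        if section == "O4":
            run = RUN.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not checked here
            exe = EXE.match(run["cmd"])
            path = PureWindowsPath(exe.group(1) if exe else run["cmd"])
            name, folder = path.name.lower(), str(path.parent).lower()
            if name in KNOWN:
                # Real name, but started from an unexpected folder.
                if folder not in (".", KNOWN[name]):
                    findings.append((line, f"{name} outside {KNOWN[name]}"))
                continue
            for real in KNOWN:
                # Near-miss spelling of a core process name.
                if edit_distance(name, real) <= 2:
                    findings.append((line, f"file name resembles {real}"))
                    break
        elif section == "O20" and body.endswith("(file missing)"):
            findings.append((line, "Notify DLL missing on disk"))
    return findings


def removed_entries(before, after):
    """Entries present in the first log and absent from the follow-up log."""
    kept = set(entries(after))
    return [e for e in entries(before) if e not in kept]


if __name__ == "__main__":
    for line, reason in review(BEFORE):
        print(f"{reason}: {line}")
    print("removed since first log:", removed_entries(BEFORE, AFTER))
```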
tue_nielsen Beginner
24 January 2006 - 14:18 #5
I can't delete \system32\svchost.exe - access denied. But I have done everything else.

Logfile of HijackThis v1.99.1
Scan saved at 14:17:53, on 24-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmer\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Programmer\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Programmer\Sierra Imaging\Image Expert\IXApplet.exe
C:\Documents and Settings\Tue Nielsen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Tue%20Nielsen/Dokumenter/FrontPage%20Webs/Content/startsidde/Hele.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Programmer\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iamapp] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ChkMail] x@9
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Programmer\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Norton Internet Security.lnk = C:\Programmer\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://frbsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://frbsrv02.udd.sembsc.dk/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://rossemsrv02.udd.sembsc.dk/iNotes6.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} (SAXFileEE ActiveX Control) - http://www.fotomail.dk/upload/SAXFileEE.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.fotomail.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo2day.com/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
tue_nielsen Beginner
24 January 2006 - 14:20 #6
There is nothing called svhost under system
arlet Junior Master
24 January 2006 - 14:36 #7
No, it is gone..

Then your log is clean.

After a round like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.

General cleanup: http://www.arlet.dk/oprydning.htm

To protect you against junk, I have put together a security package,
which you can see here: www.arlet.dk/pakke.htm
tue_nielsen Beginner
24 January 2006 - 15:54 #8
Thanks for the help, I'm very happy!