Søg
Avatar billede duranarve Nybegynder
30. januar 2006 - 20:50 Der er 5 kommentarer og
2 løsninger

Er der en som vil tjekke denne her Hi-Jack this log?

Hej, har lige surfet lidt rundt, og finder til min store skræk ud af , at et program som hedder Spy Sheriff har installeret sig selv på min pc, og det er desværre ikke sådan lige at komme af med, så hjælp søges?

Logfile of HijackThis v1.99.1
Scan saved at 20:47:09, on 30-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
c:\programmer\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\Programmer\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\tool2.exe
C:\WINDOWS\system32\paytime.exe
C:\Programmer\Mozilla Firefox\firefox.exe
D:\Programmer\HiJack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shell] "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Download alle med FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download med FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: bw+0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9C983C8-C464-4535-9E11-313D61DB7DAD} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmer\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede arlet Juniormester
30. januar 2006 - 20:51 #1
kigger
Avatar billede arlet Juniormester
30. januar 2006 - 20:55 #2
Hent CWSHredder herfra: http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
Kør CWShredder, opdater CWSHredder. Luk CWSHredder.

Hent denne scanner:
Ewido kan du downloade her: http://www.ewido.net/en/download/
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet,
(men lad være med at scanne endnu).

Hent denne scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
(men lad være med at scanne endnu).

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
(Når du er erklæret ren igen, skal du huske at sætte indstillingerne tilbage)

--------------------------------------------------------------------

Du skal nu til at i gang med at fixe:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Shell] "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O18 - Protocol: bw <- ALLE

Find og slet den/disse manuelt:


C:\WINDOWS\system32\paytime.exe
C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\Program Files\SpySheriff <- hele mappen

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.


Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)

Åbn CWSHredder, klik på Fix, så scanner denog fixer det den finder .Når den er færdig, så trykker du på Next, og bagefter på Exit..

Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med:
Scan statistics.


Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og kopier den report herind sammen med en hijackthis log taget efter du har kørt Ewido
Avatar billede duranarve Nybegynder
30. januar 2006 - 21:22 #3
Hvordan kører man en bats fil, er kommet til det sted hvor man skal gøre det?
Avatar billede arlet Juniormester
30. januar 2006 - 21:37 #4
Når du har trykket på linket, så trykker du kør, 3 sekunder efter er den færdig og så går du videre med vejledningen
Avatar billede duranarve Nybegynder
30. januar 2006 - 22:25 #5
Nå, ok, jeg slettede dem manuelt! Her følger diverse logs:
HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:03, on 30-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\HiJack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Download alle med FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download med FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmer\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Erwido:
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            22:19:25, 30-01-2006
+ Rapport-Checksum:        8AF63D32

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SNO2 -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\IE Security -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\IE Security\BlockedLocations -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Process Security -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Process Security\Policies -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Process Security\Policies\Allowed -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Process Security\Policies\Restricted -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Scan -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\System Security -> Adware.SpySheriff : Renset med backup
    HKU\S-1-5-21-252405293-2569912853-3647452489-1006\Software\SpySheriff\Updates -> Adware.SpySheriff : Renset med backup
    C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP17\A0004918.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Renset med backup
    :mozilla.8:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.9:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.17:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Itrack : Renset med backup
    :mozilla.18:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Itrack : Renset med backup
    :mozilla.20:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Mediaplex : Renset med backup
    :mozilla.21:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Mediaplex : Renset med backup
    :mozilla.30:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Renset med backup
    :mozilla.33:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.34:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.35:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.36:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.37:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.38:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.39:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.40:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.41:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.42:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.43:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.44:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.45:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.46:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.47:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.48:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.49:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.50:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.51:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.52:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.53:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.54:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.55:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.56:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.57:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.58:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.59:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.60:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.61:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.62:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Paypopup : Renset med backup
    :mozilla.63:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.64:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.65:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.66:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.67:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.68:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.69:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.70:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.71:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.72:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.76:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Sitestat : Renset med backup
    :mozilla.77:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Sitestat : Renset med backup
    :mozilla.80:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.81:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.82:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.83:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.84:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.85:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.87:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    :mozilla.88:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    :mozilla.91:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Valueclick : Renset med backup
    :mozilla.92:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Burstnet : Renset med backup
    :mozilla.93:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Burstnet : Renset med backup
    :mozilla.103:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Adbrite : Renset med backup
    :mozilla.105:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.106:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.107:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.108:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.109:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.111:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Hotlog : Renset med backup
    :mozilla.113:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.114:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.115:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.116:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.117:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.185:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Euroclick : Renset med backup
    :mozilla.186:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Euroclick : Renset med backup
    :mozilla.187:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Euroclick : Renset med backup
    :mozilla.199:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.200:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.201:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.202:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.203:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.204:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.206:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.207:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Ivwbox : Renset med backup
    :mozilla.209:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Valuead : Renset med backup
    :mozilla.210:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Valuead : Renset med backup
    :mozilla.212:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Valuead : Renset med backup
    :mozilla.217:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.218:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.219:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.238:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset med backup
    :mozilla.239:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset med backup
    :mozilla.240:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset med backup
    :mozilla.243:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    :mozilla.287:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Atdmt : Renset med backup
    :mozilla.301:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.314:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    :mozilla.318:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Overture : Renset med backup
    :mozilla.338:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Revenue : Renset med backup
    :mozilla.344:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.351:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Trafic : Renset med backup
    :mozilla.352:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Spylog : Renset med backup
    :mozilla.360:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.361:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.363:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.364:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.366:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.369:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.371:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    :mozilla.372:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    :mozilla.373:D:\Documents and Settings\Torben Arve\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\cookies.txt -> Spyware.Cookie.Esomniture : Renset med backup
    D:\Documents and Settings\Torben Arve\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\kl5156zl.default\Cache\AA589A01d01/run.exe -> Downloader.Harnig.bb : Renset med backup
    D:\Documents and Settings\Torben Arve\Lokale indstillinger\Temporary Internet Files\Content.IE5\432TSEO5\tool3[1].txt -> Trojan.Small : Renset med backup
    D:\Documents and Settings\Torben Arve\Lokale indstillinger\Temporary Internet Files\Content.IE5\QFOV2U5N\tool4[1].txt -> Trojan.Small : Renset med backup
    D:\Documents and Settings\Torben Arve\Lokale indstillinger\Temporary Internet Files\Content.IE5\SNUXACSL\tool5[1].txt -> Trojan.Small : Renset med backup
    D:\Documents and Settings\Torben Arve\Lokale indstillinger\Temporary Internet Files\Content.IE5\SNUXACSL\toolbar[1].#xt -> Downloader.Adload.j : Renset med backup
    D:\Documents and Settings\Torben Arve\Menuen Start\Programmer\SpySheriff -> Spyware.SpySheriff : Renset med backup
    D:\Documents and Settings\Torben Arve\Menuen Start\Programmer\SpySheriff\SpySheriff.lnk -> Spyware.SpySheriff : Renset med backup
    D:\Programmer\ACDSee 8.0\Patch.exe -> Downloader.VB.ts : Renset med backup


::Rapport slut

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 82342
Infected objects found: 14
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 14
Objects renamed: 5
Objects moved: 0
Objects ignored: 0
Scan speed: 2585 Kb/s
Scan time: 00:20:44

Håber godt nok alt er vel nu!
Avatar billede arlet Juniormester
31. januar 2006 - 08:09 #6
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan se her : www.arlet.dk/pakke.htm
Avatar billede duranarve Nybegynder
31. januar 2006 - 13:01 #7
Jeg takker af hele mit efterhånden store hjerte for din ihærdige indsats, der fik jeg lært lidt igen. Har aldrig prøvet at få sådan noget installeret, uden at jeg vidste det. har også lige fået ny pc, så min defensiv har også været helt i bund.
Kan det iøvrigt passe, at man med Norton blot behøver at lave et par små manøvrer for, at fjerne dette modbydelige program? Har en kammerat som har fået dette at vide, og han har da også selv gjort det.

Endnu engang tak, vil opdatere mit forsvar når jeg er hjemme engang igen.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed 5 17/03/202610:32 18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed 6 02/02/202614:54 03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed 4 13/01/202617:27 14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed 4 13/11/202515:09 14/11/202510:45
Google fake Af johp i Andet sikkerhed 3 27/10/202516:31 28/10/202506:52
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 13:45 Kablet forbindelse mellem android telefon og windows 11 pc Af 1Dorte i Android
I går 12:04 Elementtype vises - og ikke billedet? Af hkprofil i Billedbehandling
29/0312:08 Problemer med replay af købte kursusvideoer Af annam i Browsere
28/0311:18 DENVER DVB-tMPEG-4 HD TUNER Af ole falsted i Fjernsyn & projektorer
28/0310:03 Låst D-drev skal genoprettes Af barth i Andet software
White papers
Flere white papers »