Søg
Avatar billede mrblablabla Nybegynder
07. februar 2006 - 01:45 Der er 6 kommentarer og
1 løsning

Min CPU arbejder overtid! hijackthis log

Hej Eksperter!

Min CPU usage roder hele tiden rundt på omkring 80-100% og får computerens blæser til at køre som sindsyg. Jeg har kørt nogle forskellige spyware-programmer... Spyware Doctor, Spy bot, Security Task Manager, Bitdefender... og hijackthis.

Håber virkelig I kan hjælpe mig!

Logfile of HijackThis v1.99.1
Scan saved at 09:25:32, on 07-02-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program_Files\wamp\apache\Apache.exe
C:\Program_Files\wamp\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program_Files\wamp\apache\Apache.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program_Files\wamp\wampserver.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MrBlabla\My Documents\Programmer\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ƒtƒŒƒbƒcÚ‘±ƒc[ƒ‹ - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [aN[zT`\[wQWaWvKL^W^KWt] C:\WINDOWS\System32\uilpnyk.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\RunServices: [aN[zT`\[wQWaWvKL^W^KWt] C:\WINDOWS\System32\uilpnyk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WampServer.lnk = C:\Program_Files\wamp\wampserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-søgning - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B73E6B6-4690-4B24-8C6F-5E51A766BAAE}: NameServer = 202.224.32.1 202.224.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B73E6B6-4690-4B24-8C6F-5E51A766BAAE}: NameServer = 202.224.32.1 202.224.32.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Help Management - Unknown owner - C:\WINDOWS\system32\dllcache\Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINDOWS\mspath.exe (file missing)
O23 - Service: Packet Scheduler - Unknown owner - C:\WINDOWS\system32\dllcache\Service.exe (file missing)
O23 - Service: rsvchost - Unknown owner - C:\WINDOWS\rsvchost.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program_Files\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program_Files\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede andersenph Nybegynder
07. februar 2006 - 17:11 #1
2 minutter så kommer der en guide...
Avatar billede andersenph Nybegynder
07. februar 2006 - 17:19 #2
Installer og kør Ewido
Opdater straks efter installationen programmet. Lad være med at slette noget med Ewido fra normal tilstand. Vent til du kommer i fejlsikret tilstand. Du kan evt. højreklikke på ikonet E nede ved uret, og klikke på shutdown guard, så er du sikker på, at programmet venter med at fjerne snavs, til du er i fejlsikret tilstand.

Det vil være smart at tømme mappen for cookies før du kører Ewido, for ellers får du en lang log fra den scanner, med alle de cookies det fjerner.

Rens browser cachen

1. Klik på Funktioner - Internetindstillinger

2. Under midlertidige filer, klik på Slet cookies

3. Under midlertidige filer, klik på slet filer – sæt flueben i slet alt offline indhold

4. Under Oversigten, klik på ryd oversigten

5. Klik på ok.

Tøm din papirkurv.

Du kan rense temp med denne fil, det tager kun få sek.
www.spywareinfo.dk/download/cleantempxp2k.bat
-------------------------------------------------------------------------------------

Hent og gem denne scanner, du skal bruge den senere.
http://www.spywareinfo.dk/download/mwav.exe - Kaspersky Virusscanner.
-----------------------------------------------------------------------------------

Download cureit til skrivebordet ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Kig denne vejledning grundigt igennem.
http://fromsej.dk/Vejledninger/html/drweb.html
--------------------------------------------------------------------------------------------------------

Genstart herefter i Fejlsikret tilstand – F8 i opstart.
-------------------------------------------------------------

Kør en fuld scanning med Ewido. Programmet opretter en lille log, som du skal kopiere herind i dit næste svar. Du kan se hvordan du skal oprette og gemme rapporten her: http://www.spywarefri.dk/manualer/ewido-manual.htm hvis du er i tvivl. Se punkt: 16 og 17
---------------

Kør en scanning med Hijackthis, så du kan se alle filer.
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [aN[zT`\[wQWaWvKL^W^KWt] C:\WINDOWS\System32\uilpnyk.exe
O4 - HKLM\..\RunServices: [aN[zT`\[wQWaWvKL^W^KWt] C:\WINDOWS\System32\uilpnyk.exe
O23 - Service: Help Management - Unknown owner - C:\WINDOWS\system32\dllcache\Service.exe (file missing)
O23 - Service: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINDOWS\mspath.exe (file missing)
O23 - Service: Packet Scheduler - Unknown owner - C:\WINDOWS\system32\dllcache\Service.exe (file missing)
O23 - Service: rsvchost - Unknown owner - C:\WINDOWS\rsvchost.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)


-------------------------------------------------------------------

For at kunne se alle filer og mapper, så følg denne vejledning:
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----------------------------------------------
Søg og slet de filer jeg har anført – måske kan du ikke finde dem alle.

C:\WINDOWS\System32\uilpnyk.exe
C:\WINDOWS\mspath.exe
C:\WINDOWS\rsvchost.exe
C:\WINDOWS\win32ssr.exe

------------------------------------------------

Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med:
Scan statistics.
----------------------------------------------------------------------------------------------------------

Så kører du engangsskanneren fra Kaspersky – Stadig fra fejlsikret tilstand. Klik på den fil du har hentet: mwav.exe Klik på unzip og det pakker sig ud i en mappe som det selv opretter på C:\Kasperskky – klik på OK.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Klik på scan.
Tip: du skal ikke klikke på Add to Startup folders så scannes din maskine hver gang du starter Windows op.
Denne scanning kan godt tage et par timer alt efter hvor meget du har liggende på din computer.
------------

Genstart din computer.
--------------------------

Kør også lige denne onlinescanner for spyware X- Cleaner:
http://www.spywarefri.dk/spywarefri-onlinescan.htm

Tøm din papirkurv.

Genstart din computer, kør en ny scanning med HijackThis, kopier en ny log herind til tjek.
Avatar billede mrblablabla Nybegynder
08. februar 2006 - 11:33 #3
Hej Andersenph!

Tak for din udemærket beskrivelse! Inden jeg så dit indlæg har selv jeg kæmpet med problemet, og nu ser det ud til at jeg har fjernet viraen/spywaren som har gjort at min CPU arbejde overtid.

Men jeg fulgte alligvel din beskrivelse bare for at checke om der skulle være noget andet, og det var der selvfølgelig.

Her har du rapporterne:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            10:10:17, 08-02-2006
+ Report-Checksum:        1B9F052D

+ Scan result:

    C:\Documents and Settings\MrBlabla\Cookies\mrblabla@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\MrBlabla\Cookies\mrblabla@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\MrBlabla\Application Data\Mozilla\Firefox\Profiles\u14cyiuk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\System Volume Information\_restore{680CB4DE-4752-4DC5-AA00-2A455016EFF1}\RP1\A0000103.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End




---------------------------------------------------------
Dr. Web - Scan statistics
---------------------------------------------------------

Objects scanned: 97630
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 7
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 7
Objects moved: 0
Objects ignored: 6
Scan speed: 1326 Kb/s
Scan time: 00:43:31
----------------------------------------------------------------






---------------------------------------------------------
HijackThis
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:31:28, on 08-02-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program_Files\wamp\wampserver.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\Program_Files\wamp\apache\Apache.exe
C:\Program_Files\wamp\mysql\bin\mysqld-nt.exe
C:\Program_Files\wamp\apache\Apache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MrBlabla\My Documents\Programmer\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ƒtƒŒƒbƒcÚ‘±ƒc[ƒ‹ - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WampServer.lnk = C:\Program_Files\wamp\wampserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-søgning - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B73E6B6-4690-4B24-8C6F-5E51A766BAAE}: NameServer = 202.224.32.1 202.224.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B73E6B6-4690-4B24-8C6F-5E51A766BAAE}: NameServer = 202.224.32.1 202.224.32.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: wampapache - Unknown owner - C:\Program_Files\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program_Files\wamp\mysql\bin\mysqld-nt.exe

---------------------------------------------------------

---------------------------------------------------------


Det var en ordentlig mundfuld....
Avatar billede andersenph Nybegynder
08. februar 2006 - 11:57 #4
Din log er nu helt ren.

Efter sådan en tur er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Lidt råd med på vejen herfra skal du da også have.
For at sikre din pc fremover ville det være en god idé at bruge nogle af programmerne fra denne lille pakke som du kan se her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Måske skal du lige fixe denne:
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
Så ikke kasperskyscanneren starter op hvergang du tænder for din maskine.
Avatar billede mrblablabla Nybegynder
08. februar 2006 - 12:54 #5
Mange tak for hjælpen! Jeg er ny ekspert-bruger.... hvordan giver man point?
Avatar billede Computer Hjælp (Gratis) Mester
08. februar 2006 - 13:10 #6
http://expfaq.1go.dk/?id=20#hvordan_accepter_eller_afvis
Avatar billede andersenph Nybegynder
08. februar 2006 - 15:17 #7
Jeg takker for point og support fra dr1 ;O)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 14:46 Offline opdatering af co-working excell sheet Af morten vestergaard i Excel
27/1222:02 Låse brugt iPad op Af drstein i iOS, iPhone & iPad
27/1219:21 Hvor finder jeg en oversigt over mine spørgsmål Af KurtG i Hjælp og fejl
27/1211:31 TP-Link Wifi extender opsat som accesspoint giver 50% up- og download, Af Uvanga i Wifi
26/1213:05 Hvorfor bliver tiff-filer større ved konvertering til samme format Af KurtG i Billedbehandling
White papers
Flere white papers »