chrisson (Beginner)
25 February 2006 - 11:14
There are 7 comments and 1 solution

HijackThis log

Hi,
can you please check this log?

Logfile of HijackThis v1.99.1
Scan saved at 11:07:57, on 25-02-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\mdmdll.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\programmer\mailskinner\mailskinner.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\DV Series\Console\Watch.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Finn Jørgensen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=c:\windows\system32\mdmdll.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB002" /M "Stylus C44"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
O4 - HKCU\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = C:\Programmer\DV Series\Console\Watch.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_XP.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4_XP.cab
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_EN_XP.cab
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
chrisson (Beginner)
25 February 2006 - 11:15 #1
Thanks in advance....
ejvindh (Expert)
25 February 2006 - 11:33 #2
I'll just look through it :-)
chrisson (Beginner)
25 February 2006 - 11:35 #3
Thanks :-D
ejvindh (Expert)
25 February 2006 - 11:43 #4
There were quite a few different things:

Download this scanner and save it to the desktop. Do not start it yet.
http://www.spywareinfo.dk/download/mwav.exe

Get Ewido from here (14-day version of the plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and run Ewido - update the program.

Press ctrl-alt-delete, click Task Manager (Jobliste), then Processes (Processer). Find the processes below, right-click them and choose End Process.
mdmdll.exe
mailskinner.exe

Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F3 - REG:win.ini: run=c:\windows\system32\mdmdll.exe
O4 - HKLM\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
O4 - HKCU\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_XP.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4_XP.cab
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_EN_XP.cab
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab

Deleting files and folders:
Open a folder, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Restart in safe mode (press <F8> during startup), delete the folders and files listed below (some of them may already have been deleted by Hijackthis).
-------------------
Folders:
c:\programmer\mailskinner\
-------------------
Files:
C:\WINDOWS\SYSTEM\blank.htm
c:\windows\system32\mdmdll.exe

Search for this file, and delete it if you find it
p2esocks_1049.dll
---------------------------------------
Run a full scan with Ewido. The program produces a small log, which you should copy in here in your next reply.

Click on mwav.exe that you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files

Click scan clean. It can take a long time (a few hours), but it is also very effective.
Restart in normal mode, make a new HJT log, which you post here for checking.
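The reply above ends by asking for a new HijackThis log to check. As an added example (not part of the original thread and not part of HijackThis), this Python script compares a fix list against the log taken before and the log taken after the cleanup; the function names are hypothetical, and the sample lines are excerpts copied from the logs in this thread plus one constructed line.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalised (code, detail) key to the original line.

    Windows paths and registry names are case-insensitive, so the detail is
    case-folded and whitespace-collapsed before entries are compared.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key = (m.group(1), " ".join(m.group(2).split()).casefold())
        entries.setdefault(key, line)
    return entries


def verify_fix(fix_list_text, before_text, after_text):
    """Compare the fix list with the before/after logs."""
    fix = parse_entries(fix_list_text)
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Entries that were supposed to be fixed but are back (or never left).
        "still_present": sorted(after[k] for k in fix if k in after),
        # Fix-list lines that do not match the first log (copy/paste slip).
        "not_in_before": sorted(fix[k] for k in fix if k not in before),
        # Entries that appeared between the two scans.
        "new_entries": sorted(after[k] for k in after if k not in before),
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unrequested": sorted(
            before[k] for k in before if k not in after and k not in fix
        ),
    }


# Excerpt from the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
F3 - REG:win.ini: run=c:\windows\system32\mdmdll.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
"""

# Excerpt from the fix list in the reply above.
FIX_LIST = r"""
F3 - REG:win.ini: run=c:\windows\system32\mdmdll.exe
O4 - HKLM\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
O4 - HKCU\..\Run: [MailSkinner] c:\programmer\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
"""

# Excerpt from the second log in this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Constructed case: the Run value has come back with different path casing.
AFTER_REINFECTED = AFTER + r"O4 - HKLM\..\Run: [Mdmdll] C:\WINDOWS\system32\mdmdll.exe" + "\n"

if __name__ == "__main__":
    for name, log in (("after", AFTER), ("after (constructed)", AFTER_REINFECTED)):
        print(name)
        for field, lines in verify_fix(FIX_LIST, BEFORE, log).items():
            print(f"  {field}: {lines}")
```

An empty `still_present` list only shows that the autostart entries are gone; the files named in the reply still have to be deleted and scanned for separately.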
chrisson (Beginner)
25 February 2006 - 11:55 #5
OK, I'll try that!
chrisson (Beginner)
25 February 2006 - 13:21 #6
In Ewido I did not remove any (I don't know whether I should have).
But here it is...

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            13:06:01, 25-02-2006
+ Rapport-Checksum:        8A2A8F00

+ Scanningsresultat:
    HKU\S-1-5-21-1644491937-436374069-854245398-1003\Software\EGDHTML -> Dialer.Generic : Ignoreret
    C:\RECYCLED\NPROTECT\00276214.DLL -> Dialer.Generic : Ignoreret
    C:\RECYCLED\NPROTECT\00276225.DLL -> Dialer.InstantAccess.f : Ignoreret
    C:\RECYCLED\NPROTECT\00276228.DLL -> Dialer.Generic : Ignoreret
    C:\RECYCLED\Dc56.exe -> Downloader.Crypt : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Skrivebord\backups\backup-20060225-120712-216.dll -> Dialer.Generic : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Skrivebord\backups\backup-20060225-120715-285.dll -> Dialer.InstantAccess.f : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Skrivebord\backups\backup-20060225-120716-943.dll -> Dialer.Generic : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Cookies\finn jørgensen@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Cookies\finn jørgensen@sel.as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Cookies\finn jørgensen@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Ignoreret
    C:\Documents and Settings\Finn Jørgensen\Cookies\finn jørgensen@adtech[2].txt -> Spyware.Cookie.Adtech : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP615\A0024411.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024344.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024347.dll -> Dialer.InstantAccess.f : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024348.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024357.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024358.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024364.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024371.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP611\A0024372.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP623\A0024507.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP629\A0024577.EXE -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024321.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024329.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024339.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024205.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024206.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024207.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024208.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024209.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024210.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024211.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024212.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024213.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024214.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024215.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024216.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024217.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024218.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024219.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024220.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024221.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024222.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024223.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024224.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024225.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024226.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024227.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024228.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024229.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024230.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024231.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024232.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024233.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024234.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024235.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024236.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024237.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024238.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024239.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024240.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024241.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024242.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024243.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024244.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024245.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024246.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024247.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024248.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024249.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024250.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024251.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024252.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024253.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024254.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024255.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024256.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024257.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024258.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024259.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024260.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024261.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024262.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024263.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024264.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024265.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024266.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024267.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024268.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024269.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024270.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024271.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024272.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024273.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024274.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024275.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024276.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024277.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024278.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024279.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024280.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024281.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024282.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024283.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024284.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024285.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024286.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024287.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024288.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024289.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024290.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024291.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024292.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024293.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024294.exe -> Downloader.Dluca : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024295.dll -> Logger.Mslagent : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024296.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024297.dll -> Adware.NaviPromo : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024298.dll -> Dialer.InstantAccess.f : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024299.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024300.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024301.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024302.dll -> Dialer.InstantAccess.f : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024303.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024304.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024305.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024306.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024307.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024308.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024309.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024310.dll -> Dialer.Generic : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024311.exe -> Downloader.Wintrim.cd : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024312.dll -> Trojan.P2E.bc : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024313.dll -> Trojan.Wintrim : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024314.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024315.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP614\A0024403.dll -> Adware.NaviPromo : Ignoreret
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Renset med backup


::Rapport slut

PS. Removed 1
chrisson (Beginner)
25 February 2006 - 13:25 #7
The other log


Logfile of HijackThis v1.99.1
Scan saved at 13:25:13, on 25-02-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\DV Series\Console\Watch.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Finn Jørgensen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB002" /M "Stylus C44"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = C:\Programmer\DV Series\Console\Watch.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
ejvindh Expert
25 February 2006 - 13:30 #8
That helped the HJT log, which is clean. But you really should have let Ewido fix the things it found. You can run it again if you like, but if you follow the cleanup procedure below, most of it should disappear anyway (since most of the junk was in the restore points and the Recycle Bin):

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. That can be done quickly and easily with this file:
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a repeat, I recommend installing a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read this article on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Thanks for the points, by the way :-)
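
Added example, not part of the post above and not ewido's own code: a small Python triage of the scanner report that sorts each detection by where it lives, which shows why flushing System Restore and emptying the Recycle Bin clears most of what was left ignored. The function names, the step labels and the RECYCLER sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# First four lines are copied from the ewido report in this thread; the
# RECYCLER line is constructed for illustration (placeholder SID and name).
SAMPLE_REPORT = r"""
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024314.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP610\A0024315.exe -> Downloader.Crypt : Ignoreret
    C:\System Volume Information\_restore{B7B98146-DB4E-4EA7-ACD7-3ABC909832B9}\RP614\A0024403.dll -> Adware.NaviPromo : Ignoreret
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Renset med backup
    C:\RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\Dc1.exe -> Constructed.Sample : Ignoreret
"""

# "<object> -> <detection name> : <action>", as in the report lines above.
LINE_RE = re.compile(r"^\s*(?P<target>.+?)\s+->\s+(?P<name>\S+)\s+:\s+(?P<action>.+?)\s*$")
IGNORED = "Ignoreret"  # Danish UI string for "ignored": the object was left in place

# Hypothetical step labels; anything not listed here needs a rescan and fix.
NEXT_STEP = {
    "restore_point": "flush_system_restore",  # disable, reboot, re-enable
    "recycle_bin": "empty_recycle_bin",
}

def classify(target):
    """Map a reported object to where it lives on the system."""
    t = target.lower()
    if re.match(r"hk(lm|cu|cr|u)\\", t):
        return "registry"
    if "\\system volume information\\_restore{" in t:
        return "restore_point"
    if re.match(r"[a-z]:\\recycle[rd]\\", t):
        return "recycle_bin"
    return "live_file"

def parse_report(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            findings.append({**m.groupdict(), "location": classify(m["target"])})
    return findings

def triage(findings):
    """Count the follow-up each finding needs; only ignored objects need any."""
    return Counter(
        NEXT_STEP.get(f["location"], "rescan_and_fix")
        if f["action"] == IGNORED else "handled_by_scanner"
        for f in findings
    )
```

Any count under `rescan_and_fix` marks an ignored detection in a live file or registry key, which the restore-point and Recycle Bin cleanup does not touch.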