molle75 Beginner
15 March 2006 - 14:00 There are 11 comments and 2 solutions

HijackThis log of the serious kind.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:45, on 15-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1800searchonline.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\iifge.dll
O4 - HKLM\..\Run: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - HKLM\..\RunServices: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: v3cab - http://searchmiracle.com/cab/7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - Winlogon Notify: iifge - C:\WINDOWS\System32\iifge.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\lvnq0955e.dll
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9ydGVuIEj4aWx1bmQ\command.exe (file missing)
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: HttpsV2 - Unknown owner - C:\WINDOWS\System32\wdfmngr.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe (file missing)
O23 - Service: mansorr here (mans0r) - Unknown owner - C:\WINDOWS\finderd.exe (file missing)
O23 - Service: cyberz mansor (mansor) - Unknown owner - C:\WINDOWS\mansor.exe (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\winpad.exe (file missing)
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: NTsystem (System) - Unknown owner - C:\WINDOWS\ntsys32.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe (file missing)

Dr.Web log:
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 95
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3687 Kb/s
Scan time: 00:00:07

Ewido log:

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            12:10:00, 15-03-2006
+ Rapport-Checksum:        846983B5

+ Scanningsresultat:
    HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Renset med backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Renset med backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Renset med backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Renset med backup
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Renset med backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Renset med backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Renset med backup
    HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Adware.PurityScan : Renset med backup
    HKLM\SOFTWARE\Classes\PLOT.PlotCtrl.1 -> Adware.EliteBar : Renset med backup
    HKLM\SOFTWARE\Classes\SideFind.Finder -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\SideFind.Finder.1 -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Adware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Adware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Adware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Adware.YourSiteBar : Renset med backup
    HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Renset med backup
    HKLM\SOFTWARE\Elitum -> Adware.EliteBar : Renset med backup
    HKLM\SOFTWARE\Elitum\EliteToolBar -> Adware.EliteBar : Renset med backup
    HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\Media Access -> Adware.WinAD : Renset med backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Renset med backup
    HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Adware.BargainBuddy : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar -> Adware.EliteBar : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Renset med backup
    HKLM\SOFTWARE\Preview AdService -> Adware.BlazeFind : Renset med backup
    HKLM\SOFTWARE\sais -> Adware.180Solutions : Renset med backup
    HKLM\SOFTWARE\SideFind -> Adware.SideFind : Renset med backup
    HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Renset med backup
    HKLM\SOFTWARE\YourSiteBar\Historymusic_keyword -> Adware.ISTBar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\LQ -> Dialer.Generic : Renset med backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    HKU\.DEFAULT\Software\salm -> Adware.180Solutions : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\Avenue Media -> Adware.InternetOptimizer : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\IST -> Adware.ISTBar : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\LQ -> Dialer.Generic : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\PowerScan -> Adware.PowerScan : Renset med backup
    HKU\S-1-5-21-1659004503-1202660629-854245398-1003\Software\sais -> Adware.180Solutions : Renset med backup
    HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\LQ -> Dialer.Generic : Renset med backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    HKU\S-1-5-18\Software\salm -> Adware.180Solutions : Renset med backup
    [752] C:\WINDOWS\system32\btotvid.dll -> Adware.Look2Me : Fejl under renselse
    [832] C:\WINDOWS\system32\btotvid.dll -> Adware.Look2Me : Fejl under renselse
    C:\Documents and Settings\moho\Cookies\moho@2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@advertising[2].txt -> TrackingCookie.Advertising : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@atdmt[2].txt -> TrackingCookie.Atdmt : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@bfast[1].txt -> TrackingCookie.Bfast : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@burstnet[1].txt -> TrackingCookie.Burstnet : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@data2.perf.overture[1].txt -> TrackingCookie.Overture : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@doubleclick[1].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@perf.overture[1].txt -> TrackingCookie.Overture : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@statcounter[1].txt -> TrackingCookie.Statcounter : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@tacoda[1].txt -> TrackingCookie.Tacoda : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@vitacost.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@webstat[1].txt -> TrackingCookie.Web-stat : Renset med backup
    C:\Documents and Settings\moho\Cookies\moho@z1.adserver[1].txt -> TrackingCookie.Adserver : Renset med backup
    C:\Documents and Settings\moho\cx32.exe/rm32.dll -> Downloader.ConHook.y : Fejl under renselse
    C:\Documents and Settings\moho\cx32.exe/dr32.exe -> Downloader.VB.vz : Fejl under renselse
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\180sainstallersilsais1.#xe/clientax.dll -> Adware.180Solutions : Fejl under renselse
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\180sainstallersilsais1.#xe/clientax.dll -> Adware.180Solutions : Fejl under renselse
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\bb.#xe -> Downloader.Adload.a : Renset med backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\Del23.#mp -> Downloader.Small.asf : Renset med backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\res24.#mp -> Adware.180Solutions : Renset med backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\rs.exe -> Downloader.PurityScan.w : Renset med backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\W58PI3SP\AppWrap[1].#xe -> Adware.AdURL : Renset med backup
    C:\Installer.#xe -> Adware.Look2Me : Renset med backup
    C:\Program Files\Media Gateway\MediaGateway.#xe -> Adware.WinAD : Renset med backup
    C:\Programmer\180searchassistant -> Adware.180Solutions : Renset med backup
    C:\Programmer\180searchassistant\sais.#xe -> Adware.180Solutions : Renset med backup
    C:\Programmer\180searchassistant\saisau.dat -> Adware.180Solutions : Renset med backup
    C:\Programmer\180searchassistant\saishook.#ll -> Adware.180Solutions : Renset med backup
    C:\Programmer\180searchassistant\sais_gdf.dat -> Adware.180Solutions : Renset med backup
    C:\Programmer\180searchassistant\sais_kyf.dat -> Adware.180Solutions : Renset med backup
    C:\Programmer\BullsEye Network -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\ad.dat -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\bin -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\bin\adv.#xe -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\bin\adx.#xe -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\bin\bargains.#xe -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\t1120481653.dec -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\t1120544341.dec -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\t1120595244.dec -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\ub.dat -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Renset med backup
    C:\Programmer\Fælles filer\mfqw\mfqwl.#xe -> Downloader.TSUpdate.p : Renset med backup
    C:\Programmer\Fælles filer\mfqw\mfqwm.#xe -> Downloader.TSUpdate.n : Renset med backup
    C:\Programmer\Fælles filer\mfqw\mfqwp.#xe -> Downloader.TSUpdate.f : Renset med backup
    C:\Programmer\ISTsvc -> Adware.ISTBar : Renset med backup
    C:\Programmer\Power Scan -> Adware.PowerScan : Renset med backup
    C:\Programmer\Power Scan\powerscan.#xe -> Adware.PowerScan : Renset med backup
    C:\Programmer\Power Scan\uninstall.#xe -> Adware.PowerScan : Renset med backup
    C:\Programmer\SideFind -> Adware.SideFind : Renset med backup
    C:\Programmer\SideFind\sfbho.#ll -> Adware.SideFind : Renset med backup
    C:\Programmer\SideFind\sfexd001 -> Adware.SideFind : Renset med backup
    C:\Programmer\SideFind\sidefind.#ll -> Adware.SideFind : Renset med backup
    C:\Programmer\SideFind\update -> Adware.SideFind : Renset med backup
    C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe -> Heuristic.Win32.Dialer : Renset med backup
    C:\Programmer\YourSiteBar -> Adware.YourSiteBar : Renset med backup
    C:\Programmer\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Renset med backup
    C:\Programmer\YourSiteBar\imagemap_over.bmp -> Adware.YourSiteBar : Renset med backup
    C:\Programmer\YourSiteBar\version.txt -> Adware.YourSiteBar : Renset med backup
    C:\Programmer\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Renset med backup
    C:\RECYCLER\S-1-5-21-1659004503-1202660629-854245398-1003\Dc17.#xe -> Trojan.Dialer.jr : Renset med backup
    C:\RECYCLER\S-1-5-21-1659004503-1202660629-854245398-1003\Dc18.#xe -> Trojan.Dialer.jr : Renset med backup
    C:\RECYCLER\S-1-5-21-1659004503-1202660629-854245398-1003\Dc19.#xe -> Trojan.Dialer.jr : Renset med backup
    C:\stub_113_4_0_4_0.#xe -> Downloader.TSUpdate.o : Renset med backup
    C:\ucmoreiex.#xe/UCMTSAIE.DLL -> Adware.Ucmore : Fejl under renselse
    C:\ucmoreiex.#xe/IUCMORE.DLL -> Adware.Ucmore : Fejl under renselse
    C:\WINDOWS\Denmark.#xe -> Trojan.Dialer.jr : Renset med backup
    C:\WINDOWS\Downloaded Program Files\ClientAX.#ll -> Adware.180Solutions : Renset med backup
    C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.#cx -> Adware.MediaTickets : Renset med backup
    C:\WINDOWS\Downloaded Program Files\v3.#ll -> Adware.EliteBar : Renset med backup
    C:\WINDOWS\etb\nt_hide63.#ll -> Trojan.EliteBar.a : Renset med backup
    C:\WINDOWS\etb\pokapoka63.#xe -> Downloader.Agent.tv : Renset med backup
    C:\WINDOWS\etb\pokapoka65.#xe -> Downloader.Agent.tv : Renset med backup
    C:\WINDOWS\etb\xud_63.#ll -> Downloader.Agent.tv : Renset med backup
    C:\WINDOWS\icont.#xe -> Adware.AdURL : Renset med backup
    C:\WINDOWS\iconu.#xe -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\mtuninst.#xe -> Adware.MediaTickets : Renset med backup
    C:\WINDOWS\protector_update.exe -> Heuristic.Win32.Morphine-Crypted : Renset med backup
    C:\WINDOWS\stub_113_4_0_4_0.#xe -> Downloader.TSUpdate.o : Renset med backup
    C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Renset med backup
    C:\WINDOWS\system32\cfwdm32.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@casalemedia[1].txt -> TrackingCookie.Casalemedia : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\mtrslib2[1].#s -> Downloader.Small.ag : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\ucmoreiex[1].#xe/UCMTSAIE.DLL -> Adware.Ucmore : Fejl under renselse
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\ucmoreiex[1].#xe/IUCMORE.DLL -> Adware.Ucmore : Fejl under renselse
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\OE04BIHQ\webrebates_europe[1].#xe -> Adware.WebRebates : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\SHSNWCNH\stub_113_4_0_4_0[2].#xe -> Downloader.TSUpdate.o : Renset med backup
    C:\WINDOWS\system32\cxvfat.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\dieinobj.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\dn4201hoe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\dnn4015qe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\docpcsvc.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\e4200efmeh2a0.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\enp6l17s1.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\fpl4033qe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\HDOtap05.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hr6805jue.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hrj8051ue.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hrls0537e.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hrrq0595e.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\irl2l53o1.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\j20s0cd7ef0.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\j2p0lc7m1f.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lt4027hmg.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lv0409dqe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lv8209loe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lvj2091oe.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\m4rm0e91eh.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\m8820iloe8qc0.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\morui.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\nztshell.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\oeexl32.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\oins.exe -> Adware.MediaTickets : Renset med backup
    C:\WINDOWS\system32\r0r60a9sed.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\r86u0ij9e8o.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\TFTP1460 -> Trojan.Crypt.d : Renset med backup
    C:\WINDOWS\system32\wbem\wmiprvi.dll -> Trojan.Mutech.b : Renset med backup
    C:\WINDOWS\system32\wnadefui.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\Temp\bw2.#om -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\Temp\Cookies\moho@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\WINDOWS\yhsjober.#xe -> Adware.180Solutions : Renset med backup


::Rapport slut
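To make a HijackThis log like the one above easier to read from a defender's side, here is an added triage script (the editor's example, not code from the thread, from HijackThis or from any tool named here): it parses R0/R1, O20, O4 and O23 lines, flags the patterns an analyst looks for in this log, and correlates one binary across several autostart mechanisms. The allow-lists for default search hosts and stock Winlogon Notify subkeys, and the list of core system binaries, are assumptions.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example by the editor; not part of the forum thread, of HijackThis,
or of any tool named in it. Every heuristic below is an assumption chosen
to match patterns visible in the posted log.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lines copied from the posted log, plus one benign
# service (DefWatch) so that a clean entry is exercised too.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
O4 - HKLM\..\Run: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - HKLM\..\RunServices: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O20 - Winlogon Notify: iifge - C:\WINDOWS\System32\iifge.dll
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HttpsV2 - Unknown owner - C:\WINDOWS\System32\wdfmngr.exe
"""

# Assumption: binaries that on Windows XP live only in %SystemRoot%\system32.
CORE_SYSTEM_BINARIES = {"winlogon.exe", "services.exe", "lsass.exe",
                        "svchost.exe", "csrss.exe", "smss.exe"}
# Assumption: stock Windows XP Winlogon Notify subkeys; anything else is reviewed.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp",
                         "Schedule", "sclgntfy", "SensLogn", "termsrv",
                         "wlballoon"}
SEARCH_KEYS = {"SearchURL", "Search Page", "Search Bar",
               "Default_Search_URL", "SearchAssistant"}
# Assumption: hosts IE 6 pointed its search keys at by default.
DEFAULT_SEARCH_HOSTS = {"www.microsoft.com", "search.msn.com"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<path>.+)$")


def _in_system32(path):
    return "\\system32\\" in path.lower()


def triage_line(line):
    """Return a list of (severity, reason) findings for one HJT line."""
    findings = []
    if line.startswith(("R0 - ", "R1 - ")):
        # "R1 - <hive>\<key>,<value name> = <value>"
        lhs, _, value = line[5:].partition(" = ")
        key = lhs.rsplit(",", 1)[-1]
        host = urlparse(value.strip()).hostname or ""
        if key in SEARCH_KEYS and value.strip() and host not in DEFAULT_SEARCH_HOSTS:
            findings.append(("high", f"search hijack: {key} -> {host}"))
    elif line.startswith("O20 - Winlogon Notify: "):
        # A Winlogon Notify DLL is loaded into winlogon.exe at every logon.
        name, _, path = line[len("O20 - Winlogon Notify: "):].partition(" - ")
        if name not in KNOWN_WINLOGON_NOTIFY:
            findings.append(("high", f"unknown Winlogon Notify DLL {name}: {path}"))
    elif line.startswith("O23 - Service: "):
        # "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
        head, owner, path = line.rsplit(" - ", 2)
        display = head[len("O23 - Service: "):]
        missing = path.endswith("(file missing)")
        exe = path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1].lower()
        if missing:
            findings.append(("medium", f"service '{display}' points to a missing binary"))
        if owner == "Unknown owner" and not _in_system32(path):
            findings.append(("medium", f"service '{display}' has no vendor and lives outside system32"))
        if exe in CORE_SYSTEM_BINARIES and not _in_system32(path):
            findings.append(("high", f"'{exe}' impersonated outside system32: {path}"))
    return findings


def persistence_map(lines):
    """Map each binary path to the set of autostart mechanisms that launch it."""
    mechanisms = defaultdict(set)
    for line in lines:
        m = O4_RE.match(line)
        if m:
            mechanisms[m.group("path").lower()].add("O4:" + m.group("hive").rsplit("\\", 1)[-1])
        elif line.startswith("O23 - Service: "):
            path = line.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            mechanisms[path.lower()].add("O23:service")
    return mechanisms


def triage(log_text):
    """Per-line findings plus one finding per binary registered in more than one autostart."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    report = [(sev, reason, line) for line in lines for sev, reason in triage_line(line)]
    for path, mechs in persistence_map(lines).items():
        if len(mechs) > 1:
            report.append(("high", f"stacked persistence {sorted(mechs)} for {path}", path))
    return report


if __name__ == "__main__":
    for severity, reason, source in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {source}")
```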
kalp Novice
15 March 2006 - 14:04 #1
Can't get round to taking it, so just this comment :) Nice log :O)
ejvindh Expert
15 March 2006 - 16:39 #2
Continuing from here: http://www.eksperten.dk/spm/695196

molle75: It is a bit easier to keep track of the threads if you put your posts in the same thread. Otherwise it is not easy to see what has already been done, and then you will never get to the bottom of your problems :-)
ejvindh Expert
15 March 2006 - 16:43 #3
Since I have just had a similar log in another thread, I will take the liberty of posting a start procedure.

-- Download Look2Me-Destroyer from here:
http://www.atribune.org/ccount/click.php?id=7
...and save the tool on your Desktop.

-- Download VirtumundoBeGone and save it on the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

=================================================================
(1)
-- Then restart into normal mode.

-- Close all open program windows - including Internet Explorer.

-- Double-click Look2Me-Destroyer and tick "Run this program as a task". You will get a message that Look2Me-Destroyer will close and reopen after 10 seconds - click OK.

When Look2Me-Destroyer reopens - click "Scan for L2M" - your icons will disappear - click "Remove L2M". Click OK when you get the message "Done scanning".

Now you get the message "Done removing infected files!". The program will shut down your computer - click OK. Then find the file C:\Look2Me-Destroyer.txt and paste its contents here.

-- If your firewall tries to block Look2Me-Destroyer's access to the internet, you must allow the program access.

If you get a runtime error 339, download MSWINSCK.OCX from here:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
...and place it in the C:\Windows\System32 directory.
=================================================================
(2)
-- Close all running programs, including internet windows, double-click VirtumundoBeGone.exe on the desktop, read the intro information, then click Continue and click Start.
When it asks whether you want to continue, click Yes to run the fix.
Then click Save log.

-- It sometimes happens that the fix ends with a "BSOD" (blue screen and frozen PC); if so, just restart with the Reset button.

-- A text file called VBG.TXT will appear on your desktop; open it and paste the text here.
=================================================================

In addition to the 2 logs mentioned (from Look2Me-Destroyer and VirtumundoBeGone), please make a new log with HijackThis and post it here -- so I can see how far you have got.
molle75 Beginner
15 March 2006 - 22:51 #4
Well, that took the whole day; so how far have we got now?

How do I close/delete my first question from yesterday?


Look2Me-Destroyer V1.0.10

Scanning for infected files.....
Scan started at 15-03-2006 22:18:03

Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057137.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057140.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057141.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057142.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057143.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057144.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057146.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057163.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057166.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057170.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057173.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057174.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057175.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057176.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057178.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057179.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057180.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057181.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057182.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057183.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057184.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057185.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057186.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057189.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057195.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057196.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057200.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057202.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057215.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057229.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057235.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057236.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057252.dll
Infected! C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057253.dll
Infected! C:\WINDOWS\system32\btotvid.dll
Infected! C:\WINDOWS\system32\s0pu0a79ed.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057137.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057137.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057140.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057140.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057141.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057141.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057142.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057142.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057143.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057143.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057144.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057144.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057146.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057146.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057163.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057163.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057166.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057166.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057170.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057170.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057173.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057173.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057174.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057174.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057175.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057176.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057176.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057178.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057178.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057179.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057179.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057180.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057180.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057181.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057181.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057182.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057182.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057183.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057183.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057184.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057184.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057185.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057185.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057186.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057186.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057189.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057189.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057195.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057196.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057196.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057200.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057200.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057202.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057202.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057215.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057215.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057229.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057229.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057235.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057236.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057236.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057252.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057252.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057253.dll
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP152\A0057253.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\btotvid.dll
C:\WINDOWS\system32\btotvid.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s0pu0a79ed.dll
C:\WINDOWS\system32\s0pu0a79ed.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A60018E0-CE8B-422C-9C65-444898903A7B}"
HKCR\Clsid\{A60018E0-CE8B-422C-9C65-444898903A7B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E67480F5-4B47-4769-9E9D-77D6477BC83D}"
HKCR\Clsid\{E67480F5-4B47-4769-9E9D-77D6477BC83D}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

[03/15/2006, 22:35:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\moho\Skrivebord\VirtumundoBeGone.exe" )
[03/15/2006, 22:35:05] - Detected System Information:
[03/15/2006, 22:35:05] -  Windows Version: 5.1.2600, Service Pack 1
[03/15/2006, 22:35:05] -  Current Username: moho (Admin)
[03/15/2006, 22:35:05] -  Windows is in NORMAL mode.
[03/15/2006, 22:35:05] - Searching for Browser Helper Objects:
[03/15/2006, 22:35:05] -  BHO 1: {6D33B121-5C4C-4450-9D1F-7B67085CC199} (WTLHelper Object)
[03/15/2006, 22:35:05] - Finished Searching Browser Helper Objects
[03/15/2006, 22:35:05] - Finishing up...
[03/15/2006, 22:35:05] - Nothing found! Exiting...

Logfile of HijackThis v1.99.1
Scan saved at 22:46:21, on 15-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wdfmngr.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1800searchonline.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\iifge.dll
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: v3cab - http://searchmiracle.com/cab/7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - Winlogon Notify: iifge - C:\WINDOWS\System32\iifge.dll
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9ydGVuIEj4aWx1bmQ\command.exe (file missing)
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: HttpsV2 - Unknown owner - C:\WINDOWS\System32\wdfmngr.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe (file missing)
O23 - Service: mansorr here (mans0r) - Unknown owner - C:\WINDOWS\finderd.exe (file missing)
O23 - Service: cyberz mansor (mansor) - Unknown owner - C:\WINDOWS\mansor.exe (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\winpad.exe (file missing)
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: NTsystem (System) - Unknown owner - C:\WINDOWS\ntsys32.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe (file missing)
ejvindh (Expert)
15 March 2006 - 23:10 #5
You close the other questions by posting an answer yourself and accepting it.

As for how far you have got, you knocked out one of the hard infections. But the hardest one is still there. Try the following:


-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Put a dot in "Input Script Manually" and click the magnifying glass - a small window now pops up, into which you copy the content between the dashed lines:

-----------------------------
Files to delete:
C:\Documents and Settings\moho\cx32.exe
C:\Documents and Settings\moho\Lokale indstillinger\Temp\180sainstallersilsais1.#xe
C:\ucmoreiex.#xe
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\ucmoreiex[1].#xe
C:\WINDOWS\System32\iifge.dll
C:\WINDOWS\winlogon.exe
C:\WINDOWS\System32\wdfmngr.exe
C:\WINDOWS\ipconfg32.exe
C:\WINDOWS\finderd.exe
C:\WINDOWS\mansor.exe
C:\WINDOWS\msinit.exe
C:\WINDOWS\msiconfig.exe
C:\WINDOWS\winpad.exe
C:\WINDOWS\msnet32.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\ntsys32.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\WinVid32.exe

Folders to Delete:
C:\Programmer\SideFind
C:\WINDOWS\TW9ydGVuIEj4aWx1bmQ
C:\Programmer\Network Monitor
-----------------------------

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart, a Notepad window will pop up with a log of Avenger's actions. Please post it in your next reply.

-- Click Start - Run. Type: Services.msc and press OK.
Find the following services, right-click them and choose Properties. Under Startup type, choose Disabled. Also click Stop:
Win Logon
Command Service
HttpsV2
IpManager
mansorr here
cyberz mansor
msinit
MS Ins Config
Word Process
Microsoft Network Service
Network Monitor
Performance True Type Font
NTsystem
Win32Sr
Windows 32 Bit

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1800searchonline.com/sp2.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\iifge.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll (file missing)
O16 - DPF: v3cab - http://searchmiracle.com/cab/7.cab
O20 - Winlogon Notify: iifge - C:\WINDOWS\System32\iifge.dll

-- Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.
molle75 (Beginner)
16 March 2006 - 08:25 #6
Here are the logs from HijackThis and Avenger. Thanks for the good service; it looks better and better with regard to speed and errors!

Logfile of HijackThis v1.99.1
Scan saved at 08:20:06, on 16-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - HKLM\..\RunServices: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mseabcks

*******************

Script file located at: \??\C:\bbclnsyn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\moho\cx32.exe deleted successfully.
File C:\Documents and Settings\moho\Lokale indstillinger\Temp\180sainstallersilsais1.#xe deleted successfully.
File C:\ucmoreiex.#xe deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\ucmoreiex[1].#xe deleted successfully.
File C:\WINDOWS\System32\iifge.dll deleted successfully.


File C:\WINDOWS\winlogon.exe not found!
Deletion of file C:\WINDOWS\winlogon.exe failed!

Could not process line:
C:\WINDOWS\winlogon.exe
Status: 0xc0000034

File C:\WINDOWS\System32\wdfmngr.exe deleted successfully.


File C:\WINDOWS\ipconfg32.exe not found!
Deletion of file C:\WINDOWS\ipconfg32.exe failed!

Could not process line:
C:\WINDOWS\ipconfg32.exe
Status: 0xc0000034



File C:\WINDOWS\finderd.exe not found!
Deletion of file C:\WINDOWS\finderd.exe failed!

Could not process line:
C:\WINDOWS\finderd.exe
Status: 0xc0000034



File C:\WINDOWS\mansor.exe not found!
Deletion of file C:\WINDOWS\mansor.exe failed!

Could not process line:
C:\WINDOWS\mansor.exe
Status: 0xc0000034



File C:\WINDOWS\msinit.exe not found!
Deletion of file C:\WINDOWS\msinit.exe failed!

Could not process line:
C:\WINDOWS\msinit.exe
Status: 0xc0000034



File C:\WINDOWS\msiconfig.exe not found!
Deletion of file C:\WINDOWS\msiconfig.exe failed!

Could not process line:
C:\WINDOWS\msiconfig.exe
Status: 0xc0000034



File C:\WINDOWS\winpad.exe not found!
Deletion of file C:\WINDOWS\winpad.exe failed!

Could not process line:
C:\WINDOWS\winpad.exe
Status: 0xc0000034



File C:\WINDOWS\msnet32.exe not found!
Deletion of file C:\WINDOWS\msnet32.exe failed!

Could not process line:
C:\WINDOWS\msnet32.exe
Status: 0xc0000034



File C:\WINDOWS\System32\perfont.exe not found!
Deletion of file C:\WINDOWS\System32\perfont.exe failed!

Could not process line:
C:\WINDOWS\System32\perfont.exe
Status: 0xc0000034



File C:\WINDOWS\ntsys32.exe not found!
Deletion of file C:\WINDOWS\ntsys32.exe failed!

Could not process line:
C:\WINDOWS\ntsys32.exe
Status: 0xc0000034

File C:\WINDOWS\win32ssr.exe deleted successfully.


File C:\WINDOWS\WinVid32.exe not found!
Deletion of file C:\WINDOWS\WinVid32.exe failed!

Could not process line:
C:\WINDOWS\WinVid32.exe
Status: 0xc0000034



Folder C:\Programmer\SideFind not found!
Deletion of folder C:\Programmer\SideFind failed!

Could not process line:
C:\Programmer\SideFind
Status: 0xc0000034

Folder C:\WINDOWS\TW9ydGVuIEj4aWx1bmQ deleted successfully.
Folder C:\Programmer\Network Monitor deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
ejvindh (Expert)
16 March 2006 - 08:44 #7
It is certainly looking pretty good by now. The hard infection is gone too. However, a couple of new entries showed up in the HJT log which should be fixed. But since the associated file should have been deleted, it should be straightforward:

Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O4 - HKLM\..\Run: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O4 - HKLM\..\RunServices: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe

Then restart the computer and make a new log with HJT, which you post here, so I can see whether new lines appear.

Since your computer was heavily infected, I also think we should try a scan for rootkits. Just to check whether something hidden is still there that hides from the ordinary tools:

(1)
Download Blacklight here http://www.f-secure.com/blacklight/try.shtml Scroll down the page and click "I accept". On the next page you can download Blacklight to the desktop. Double-click the file and click Scan. When it is finished it creates a log on the desktop. Copy the log here. Do not let Blacklight remove anything yet.

(2)
-- Download AproposFix here:
http://swandog46.geekstogo.com/aproposfix.exe
Save the program where you can find it again - do not run the program (yet).

-- Restart your computer in Safe Mode (by pressing F8 during startup).

-- Double-click AproposFix.exe and extract the program to your desktop. Open the AproposFix folder and double-click RunThis.bat. Follow the program's instructions.

-- When the program has finished, restart in Normal mode, find the file log.txt in the AproposFix folder and post it here too.
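The two HijackThis logs posted above (before the fix list in #5 and after it, with the new O4 entries noted in #7) can be compared mechanically. The following is an added example, not code from the thread or from HijackThis: a small Python triage script that parses the R/O entry lines, flags the patterns the expert acts on (hijacked search settings, the O2/O20 pair, O23 services with unknown owner or a missing binary) and diffs two logs so new entries stand out. The sample logs are constructed excerpts of the ones in the thread, and the flag rules are heuristics chosen here, not HijackThis's own.

```python
import re
from dataclasses import dataclass

# Entry lines look like "R1 - HKCU\..." or "O23 - Service: ...";
# header and "Running processes" lines do not match this pattern.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*\S)\s*$")


@dataclass(frozen=True, order=True)
class Entry:
    kind: str  # section tag, e.g. "R1" or "O23"
    body: str  # the text after "R1 - "


def parse_hjt(text):
    """Return the R/O entry lines of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


# Hosts that the thread's logs show as hijacked IE search settings / ActiveX sources.
HIJACK_HOSTS = ("1800searchonline.com", "findthewebsiteyouneed.com", "searchmiracle.com")


def flag(entry):
    """Return a triage reason if the entry matches a pattern the thread acts on, else None.

    These are heuristics for a human to review, not verdicts: a vendor service whose
    binary was moved also shows up as "Unknown owner ... (file missing)".
    """
    kind, low = entry.kind, entry.body.lower()
    if kind in ("R0", "R1") and any(h in low for h in HIJACK_HOSTS):
        return "IE search/start page points at a hijack domain"
    if kind == "R3" and "(no file)" in low:
        return "URLSearchHook with no backing file"
    if kind == "O2" and "\\system32\\" in low:
        return "BHO loaded from System32 (check for a matching O20 entry)"
    if kind == "O20":
        return "Winlogon Notify DLL (often paired with the O2 BHO)"
    if kind == "O16" and any(h in low for h in HIJACK_HOSTS):
        return "ActiveX download from a hijack domain"
    if kind == "O23" and "unknown owner" in low:
        return ("service with unknown owner, binary missing"
                if "(file missing)" in low else "service with unknown owner")
    return None


def triage(text):
    """Pair each flagged entry line with its reason, preserving log order."""
    out = []
    for e in parse_hjt(text):
        reason = flag(e)
        if reason:
            out.append((f"{e.kind} - {e.body}", reason))
    return out


def diff_logs(before, after):
    """Entries that appeared / disappeared between two scans of the same machine."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(a - b), sorted(b - a)


# Constructed excerpts modelled on the two logs in the thread (15-03 22:46 and 16-03 08:20).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\wdfmngr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\iifge.dll
O16 - DPF: v3cab - http://searchmiracle.com/cab/7.cab
O20 - Winlogon Notify: iifge - C:\WINDOWS\System32\iifge.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HttpsV2 - Unknown owner - C:\WINDOWS\System32\wdfmngr.exe
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\winpad.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
O4 - HKLM\..\Run: [Https Locator] C:\WINDOWS\System32\wdfmngr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

if __name__ == "__main__":
    for line, reason in triage(LOG_BEFORE):
        print(f"[{reason}]\n    {line}")
    new, gone = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("\nNew entries after the fix:")
    for e in new:
        print(f"    {e.kind} - {e.body}")
    print(f"Entries removed by the fix: {len(gone)}")
```

Run against the full logs from the thread, the "new" list is exactly the two O4 lines the expert asks to fix in #7.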
molle75 (Beginner)
16 March 2006 - 09:29 #8
When I double-click Blacklight after downloading, it says:
F-Secure BlackLight was unable to acquire necessary privileges (SeDebugPrivilege)
ejvindh (Expert)
16 March 2006 - 09:37 #9
That may be because you are not logged on to a user account that has administrator rights -- cf.:
http://www.f-secure.com/blacklight/help/
molle75 (Beginner)
16 March 2006 - 14:18 #10
I can't solve the BlackLight error; I am logged on with admin rights. Here is the AproposFix log:
Log of AproposFix v1.1

************

Running from directory: 
C:\Documents and Settings\moho\Skrivebord\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

I still have problems when I log on to Windows. After I have typed my password, in 4 out of 5 cases it says:
The system could not log you on. The server that authenticates you reported an error. (OKC00000BB) See the event log for further information.

Is this connected with all the rest?
ejvindh (Expert)
16 March 2006 - 19:32 #11
The Apropos log is fine. The Blacklight error is strange. I doubt it is connected with your logon problems, since that mostly suggests you aren't getting access to a server you are connected to (?). If it keeps logging your usual user in, that user should still have the same rights as you usually have.

It should be said that what we are doing at the moment is only an extra precaution. Normally I would actually have stopped when the HJT log was clean. It is just to check whether something extra might be lying around that was the reason you got as infected as you did.

Try this alternative to Blacklight:
Get this zip file and extract it to a folder on the desktop:
http://www.sysinternals.com/files/rootkitrevealer.zip
Open the folder and double-click rootkitrevealer.exe
Click File at the top left of the window that opened, and choose Scan.
When the scan is finished, click File again, choose Save and save the log file.
Copy RootkitReveal.txt in here.
molle75 (Beginner)
16 March 2006 - 22:24 #12
Well ejvindh, can we close the case after this one?

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1    06-02-2006 17:44    7.87 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0003.VBN    16-03-2006 21:54    11.46 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN    16-03-2006 22:06    48.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0005.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0006.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0007.VBN    16-03-2006 22:06    57.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0008.VBN    16-03-2006 22:06    114.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0009.VBN    16-03-2006 22:06    108.39 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C000A.VBN    16-03-2006 22:06    153.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C000B.VBN    16-03-2006 22:06    95.34 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C000C.VBN    16-03-2006 22:06    211.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C000D.VBN    16-03-2006 22:06    147.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0000.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0001.VBN    16-03-2006 22:06    14.68 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00000.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00001.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00002.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00003.VBN    16-03-2006 22:06    184.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40000.VBN    16-03-2006 22:06    102.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40001.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40002.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40003.VBN    16-03-2006 22:06    15.95 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E80000.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0000.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0001.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0002.VBN    16-03-2006 22:06    208.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00000.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00001.VBN    16-03-2006 22:06    57.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40003.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40004.VBN    16-03-2006 22:06    70.43 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40005.VBN    16-03-2006 22:06    90.77 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40006.VBN    16-03-2006 22:06    76.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40007.VBN    16-03-2006 22:06    208.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40008.VBN    16-03-2006 22:06    83.45 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40009.VBN    16-03-2006 22:06    208.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F4000A.VBN    16-03-2006 22:06    208.09 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F4000B.VBN    16-03-2006 22:06    211.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F4000C.VBN    16-03-2006 22:06    260.70 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F4000D.VBN    16-03-2006 22:06    108.39 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F80000.VBN    16-03-2006 22:06    10.59 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F80001.VBN    16-03-2006 22:06    14.91 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07FC0001.VBN    16-03-2006 22:06    14.68 KB    Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07FC0002.VBN    16-03-2006 22:06    322.16 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Cookies\moho@track.adform[1].txt    16-03-2006 15:15    1.15 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Cookies\moho@track.adform[2].txt    16-03-2006 21:58    1.15 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\019206_PwC_seminar[1].gif    16-03-2006 22:00    20.45 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\1182718672@Top,TopRight,Top3[1]    16-03-2006 21:58    2.48 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\1755720796@Top,TopRight,Top3[1]    16-03-2006 21:58    2.47 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\30708[1].gif    15-03-2006 23:04    19.49 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\30708[2].gif    16-03-2006 21:57    19.49 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\33653662383630313433663566373830[24].gif    16-03-2006 21:57    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\33653662383630313433663566373830[25].gif    16-03-2006 21:58    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\33653662383630313433663566373830[26].gif    16-03-2006 21:58    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\48_picture_2968_1[1].jpg    16-03-2006 21:59    4.01 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\eas[2]    16-03-2006 21:59    927 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\eas[3]    16-03-2006 08:40    273 bytes    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\fund.kf.DK0010293554Y510230[1].png    15-03-2006 23:06    3.42 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\gateway[1].gif    16-03-2006 15:14    55 bytes    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\index.kf.140H210194[1].png    16-03-2006 14:19    2.92 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\kf_invforening_kursliste[1]    16-03-2006 21:58    155.50 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\modules[1].css    16-03-2006 14:10    82.97 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\print[1].css    16-03-2006 21:59    3.07 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\4X2BG9A3\top[1].htm    16-03-2006 22:00    2.59 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\1629197605@Top,Bottom,TopRight[1]    16-03-2006 21:58    2.54 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\695352[1].htm    16-03-2006 21:49    117.36 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\ADF[2].htm    16-03-2006 21:58    370 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\BlobServer[1].gif    16-03-2006 21:57    24.52 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\BlobServer[2].gif    16-03-2006 21:57    4.37 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\BlobServer[3].gif    16-03-2006 21:58    141 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\eas[1]    16-03-2006 22:00    275 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\eas[2]    16-03-2006 22:00    292 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\eas[3]    16-03-2006 22:00    275 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\EAS_tag.1.0[1].js    16-03-2006 15:14    1.94 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\gateway[3].gif    16-03-2006 22:00    55 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\kf_aktie_kursliste[1]    16-03-2006 15:14    49.68 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\kf_invforening_kursdata[1]    15-03-2006 23:06    37.70 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\modules[1].css    16-03-2006 21:59    82.97 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\top[1].htm    16-03-2006 15:14    2.57 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\AJ0NOFMD\top[2].htm    16-03-2006 21:59    2.57 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\1162186710@Top,TopRight,Top3[1]    16-03-2006 21:57    2.47 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\1869630670@Top,Bottom,TopRight[1]    16-03-2006 21:58    2.55 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\33653662383630313433663566373830[30].gif    16-03-2006 21:57    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\650[1].htm    16-03-2006 22:00    27.21 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\BlobServer[1].gif    16-03-2006 15:14    24.52 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\BlobServer[2].gif    16-03-2006 15:14    4.37 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\borsen[1].htm    16-03-2006 21:59    682 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\EAS_tag.1.0[1].js    16-03-2006 21:59    1.94 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\gateway[1].gif    16-03-2006 22:00    55 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\index.kf.137H210194[1].png    16-03-2006 21:57    2.70 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\index.kf.140H210194[1].png    16-03-2006 21:58    2.69 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\index.kf.387H210194[1].png    16-03-2006 14:19    2.87 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\index.kf.387H210194[2].png    16-03-2006 21:58    2.80 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\kf_invforening_kursdata[1]    16-03-2006 21:58    37.77 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\kf_invforening_kursliste[2]    16-03-2006 14:19    154.73 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9UB05WN\top[2].htm    16-03-2006 08:40    2.59 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\1201164634@Top,Bottom,TopRight[1]    16-03-2006 21:57    2.54 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\33653662383630313433663566373830[30].gif    16-03-2006 21:58    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\33653662383630313433663566373830[31].gif    16-03-2006 21:58    43 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\650[1].htm    16-03-2006 22:00    733 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\72687_banner_728x90[1].gif    16-03-2006 21:59    28.88 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\86100[1].jpg    16-03-2006 21:59    2.63 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\86102_f2[1].jpg    16-03-2006 21:59    11.69 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\ADF[2].htm    16-03-2006 21:57    369 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\ADF[3].htm    16-03-2006 21:58    369 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\BlobServer[4].gif    16-03-2006 14:20    141 bytes    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\borsen[2].htm    16-03-2006 15:14    37.57 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\eas[2]    16-03-2006 15:14    266 bytes    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\eas[3]    16-03-2006 15:14    893 bytes    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\eas[4]    16-03-2006 21:59    268 bytes    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\fund.kf.DK0010293554Y510230[1].png    16-03-2006 21:58    4.01 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\index.kf.137H210194[1].png    16-03-2006 15:14    2.77 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\kf_aktie_kursliste[1]    16-03-2006 21:57    49.67 KB    Hidden from Windows API.
C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\WDMN0XYV\print[2].css    16-03-2006 14:10    3.07 KB    Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\moho\Skrivebord\Look2Me-Destroyer.txt    15-03-2006 22:25    12.49 KB    Visible in Windows API, but not in MFT or directory index.
C:\Programmer\Fælles filer\Symantec Shared\VirusDefs\20060222.006\vscanmsx.dat    16-03-2006 22:04    2.02 KB    Hidden from Windows API.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057134.dll    04-09-2005 14:05    7.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057138.exe    04-01-2006 21:02    99.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057139.exe    03-11-2005 15:27    44.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057147.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057148.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057149.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057150.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057151.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057152.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057153.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057154.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057155.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057156.exe    19-08-2001 12:30    11.09 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057157.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057158.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057159.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057160.exe    19-08-2001 12:30    11.09 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057161.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057162.exe    19-08-2001 12:30    11.32 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057164.exe    08-02-2006 21:29    54.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057165.exe    20-12-2005 20:38    54.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057168.exe    29-05-2003 10:51    111.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057169.exe    30-09-2005 20:12    204.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057171.exe    11-07-2005 20:42    104.80 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057187.exe    05-07-2005 21:33    149.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057188.exe    18-01-2006 11:37    66.84 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057190.exe    30-06-2005 08:01    91.75 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057191.exe    15-01-2006 09:27    87.18 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057193.exe    28-07-2005 16:04    318.57 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057194.exe    25-01-2006 19:53    72.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057197.exe    30-09-2005 20:12    204.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057199.exe    29-05-2003 10:51    207.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057201.exe    24-07-2005 20:02    79.86 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057203.exe    30-09-2005 20:12    204.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057204.pif    23-08-2005 15:30    180.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057206.exe    30-09-2005 20:12    204.50 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057207.exe    14-02-2006 20:55    208.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057209.exe    29-05-2003 10:51    144.00 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057212.exe    29-05-2003 10:51    257.11 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057216.exe    11-07-2005 20:42    104.80 KB    Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\RP151\A0057224.exe    19-03-2005 07:56    12.36 KB    Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Prefetch\LOOK2ME-DESTROYER.EXE-156E6F2D.pf    16-03-2006 22:11    11.46 KB    Hidden from Windows API.
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs\03162006.Log    16-03-2006 22:06    1.63 KB    Hidden from Windows API.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD    16-03-2006 21:51    0 bytes    Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL    16-03-2006 21:51    0 bytes    Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\~DFB7C0.tmp    16-03-2006 22:11    16.00 KB    Hidden from Windows API.
ejvindh (Expert)
17 March 2006 - 11:40 #13
There were a lot of entries in that log. But they most likely come from a bug in the newest version of Sysinternals. They do remind me, though, that it would be a good idea for you to clean up your computer:

It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent repeats, I would recommend that you install some small programs that stop spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read this article on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

If you like, you are then welcome to make a new log with an older version of Sysinternals that does not have this bug. You can download it here:
http://www.sysinternals.com/Forum/uploads/SpannerITWks/2005-11-16_023256_RKR_v1.55.zip

...but I don't think it is necessary.
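The RootkitRevealer output pasted earlier in the thread is long, and the reply above judges most of it to be noise. The script below is an added example, not something posted in the thread or shipped with RootkitRevealer: it parses lines in the same four-column format (path, timestamp, size, discrepancy text) and separates the two discrepancy types, "Hidden from Windows API." (found by the raw MFT/directory scan but not returned by the Windows API) from "Visible in Windows API, but not in MFT or directory index." (the reverse). The allow-list of "transient" locations (restore points, Prefetch, the print spooler, Temp, antivirus log folders, where files are created or deleted while a scan runs) is an assumption of this example chosen to mirror the paths in the log, not a rule from the tool or the thread, and the sample lines are constructed after the log above, including one invented driver path that is not in the thread.

```python
import re
from dataclasses import dataclass

HIDDEN = "Hidden from Windows API."
VISIBLE_ONLY = "Visible in Windows API, but not in MFT or directory index."

# Constructed sample in the RootkitRevealer discrepancy format (tab-separated here;
# the thread's paste uses runs of spaces, which parse_line also accepts).
# The drivers\example.sys line is invented for this example and is not in the thread.
SAMPLE_LOG = """\
C:\\System Volume Information\\_restore{A50F5654-A425-4557-8E17-AC0B700798F1}\\RP151\\A0057201.exe\t24-07-2005 20:02\t79.86 KB\tVisible in Windows API, but not in MFT or directory index.
C:\\WINDOWS\\Prefetch\\LOOK2ME-DESTROYER.EXE-156E6F2D.pf\t16-03-2006 22:11\t11.46 KB\tHidden from Windows API.
C:\\WINDOWS\\system32\\config\\systemprofile\\Lokale indstillinger\\Application Data\\Symantec\\Norton AntiVirus Corporate Edition\\7.5\\Logs\\03162006.Log\t16-03-2006 22:06\t1.63 KB\tHidden from Windows API.
C:\\WINDOWS\\system32\\spool\\PRINTERS\\FP00000.SHD\t16-03-2006 21:51\t0 bytes\tVisible in Windows API, but not in MFT or directory index.
C:\\WINDOWS\\Temp\\~DFB7C0.tmp\t16-03-2006 22:11\t16.00 KB\tHidden from Windows API.
C:\\WINDOWS\\System32\\drivers\\example.sys\t01-03-2006 03:12\t24.00 KB\tHidden from Windows API.
"""

# Assumed allow-list (this example's own choice): locations where files churn during
# a scan, so a discrepancy there is usually a timing artifact rather than hiding.
TRANSIENT_PATTERNS = [
    re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I),
    re.compile(r"\\windows\\prefetch\\", re.I),
    re.compile(r"\\spool\\printers\\", re.I),
    re.compile(r"\\temp\\", re.I),
    re.compile(r"\\norton antivirus corporate edition\\[^\\]+\\logs\\", re.I),
]


@dataclass
class Finding:
    path: str
    timestamp: str
    size_bytes: int
    discrepancy: str  # "hidden", "visible_only" or "other"
    verdict: str      # "scan_noise" or "review"
    reason: str


def parse_size(text):
    """Turn '79.86 KB' / '0 bytes' into an integer byte count."""
    num, unit = text.split()
    mult = {"bytes": 1, "KB": 1024, "MB": 1024 * 1024}[unit]
    return int(float(num) * mult)


def parse_line(line):
    """Split one discrepancy line on tabs or runs of 2+ spaces; paths may contain single spaces."""
    fields = re.split(r"\t| {2,}", line.rstrip("\r\n"))
    if len(fields) != 4:
        return None
    path, when, size, desc = (f.strip() for f in fields)
    return path, when, parse_size(size), desc


def classify(path, desc):
    """Map the discrepancy text to a kind, then apply the transient-location allow-list."""
    if desc == HIDDEN:
        kind = "hidden"
    elif desc == VISIBLE_ONLY:
        kind = "visible_only"
    else:
        kind = "other"
    for pat in TRANSIENT_PATTERNS:
        if pat.search(path):
            return kind, "scan_noise", "matches transient location " + pat.pattern
    if kind == "hidden":
        return kind, "review", "on disk but not returned by the Windows API, outside any transient location"
    if kind == "visible_only":
        return kind, "review", "returned by the Windows API but absent from the raw MFT/directory scan"
    return kind, "review", "unrecognised discrepancy text"


def triage(log_text):
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # headers, blank lines, or anything not in the 4-column format
        path, when, size_bytes, desc = parsed
        kind, verdict, reason = classify(path, desc)
        findings.append(Finding(path, when, size_bytes, kind, verdict, reason))
    return findings


def summarize(findings):
    counts = {"scan_noise": 0, "review": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


def needs_review(findings):
    """Paths a human should look at: hidden/visible-only entries outside the allow-list."""
    return [f.path for f in findings if f.verdict == "review"]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:10} {f.discrepancy:13} {f.path}  ({f.reason})")
    print(summarize(results))
```

The allow-list only downgrades entries; it never hides them, so a "Hidden from Windows API." entry that a rootkit drops into a Temp folder still appears in the output, just tagged as noise. In a real case, anything left in `needs_review` deserves a second scan with the older RootkitRevealer build the reply links to, or a check of the file from offline media, before trusting either verdict.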