Søg
Avatar billede anddk Praktikant
18. marts 2006 - 18:24 Der er 24 kommentarer og
2 løsninger

HijackThis Log

Hejsa

Er der en som vil checke denne log:

Logfile of HijackThis v1.99.1
Scan saved at 18:12:36, on 18-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\SVNUIEEvUw\command.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Network Monitor\netmon.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\D2D2DAD8D6DCD7.exe
C:\Programmer\Network\ipnetwork.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\win3208470-1798061.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\mousepad3.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\EQArticle\EQArticle.exe
C:\PROGRA~1\FLLESF~1\kzru\kzrum.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmer\Fælles filer\Windows\services32.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bruger\Skrivebord\_slet\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\system32\icda0wpw5.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\SetWeb\SetWeb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [8989918F8D938E97] D2D2DAD8D6DCD7.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [[01]##############################################################################################################################] C:\Documents and Settings\Bruger\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [win3208470-1798061] C:\WINDOWS\win3208470-1798061.exe
O4 - HKLM\..\Run: [ms0661470-17980] C:\WINDOWS\ms0661470-17980.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [Installed] 562
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Programmer\EQArticle\EQArticle.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [kzru] C:\PROGRA~1\FLLESF~1\kzru\kzrum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba7fd605/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3321.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O20 - AppInit_DLLs: repairs302973000.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Avatar billede arlet Juniormester
18. marts 2006 - 18:25 #1
kigger
Avatar billede arlet Juniormester
18. marts 2006 - 18:26 #2
Download og gem disse scanner på skrivebordet:

Hent denne scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
(men lad være med at scanne endnu).

-----

Ewido: http://www.ewido.net/en/download/
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet, (men lad være med at scanne endnu).

----------

Genstart i fejlsikret tilstand. Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange. Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report.

-----

Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og gemmer rapporten.

-----

Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med:
Scan statistics.
-----

Begge rapporter kopier du herind sammen med en ny hijackthis taget efter du har kørt de 2 scannere
Avatar billede anddk Praktikant
18. marts 2006 - 18:30 #3
Hold da op, hvor du er hurtig :-) Skønt.

Jeg er gået igang....
Avatar billede var Nybegynder
18. marts 2006 - 18:38 #4
den her er vist godt og grundigt inficeret hva arlet.. ;)
Avatar billede rexa Nybegynder
18. marts 2006 - 18:40 #5
btw det hele står på hans hp www.Arlet.dk :D
sry arlet men syntes sgu den side fortjener noget reklame
fordi der er så meget som os " newbíes" kan gøre hurtigt og nemt
Thx for all :D
hehe
Avatar billede arlet Juniormester
18. marts 2006 - 19:12 #6
anddk -> Ja ikk ;-)

fazli -> Ja, derfor kan de 2 scannere rydde lidt op inden jeg tager fat..

rexa -> Tak for de pæne ord..
Avatar billede anddk Praktikant
18. marts 2006 - 19:49 #7
Scanner stadig... Det tager godt nok lang tid.

Ja, det er en kanon side arlet har og det er så fedt så hjælpsom han er. :-)
Avatar billede rexa Nybegynder
18. marts 2006 - 19:54 #8
ja giver max respect til dem der gider rydde op i vores lort som vi har slæbt ind efter en tur på nettet :D
Avatar billede anddk Praktikant
18. marts 2006 - 20:29 #9
Så kom jeg så langt.

Rapporten fra ewido er blevet væk.... :-( Ved ikek hvordan det kunne ske. Har søgt efter den man filen kan ikke findes. Kan jo lave en ny scanning ??

Her er de andre:

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 99
Infected objects found: 5
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 6
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 6
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1028 Kb/s
Scan time: 00:00:22


Logfile of HijackThis v1.99.1
Scan saved at 20:27:12, on 18-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\D2D2DAD8D6DCD7.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\EQArticle\EQArticle.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Bruger\Skrivebord\_slet\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\system32\icda0wpw5.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\SetWeb\SetWeb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [8989918F8D938E97] D2D2DAD8D6DCD7.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [[01]##############################################################################################################################] C:\Documents and Settings\Bruger\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [Installed] 562
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Programmer\EQArticle\EQArticle.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [kzru] C:\PROGRA~1\FLLESF~1\kzru\kzrum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba7fd605/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3321.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O20 - AppInit_DLLs: repairs302973000.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Avatar billede anddk Praktikant
18. marts 2006 - 20:30 #10
Øh, jeg er et fjols. Den lå på min USB nøgle......

---------------------------------------------------------
ewido anti-malware - Startop rapport
---------------------------------------------------------

+ Oprettet den:            19:06:23, 18-03-2006
+ Rapport-Checksum:        141BA820

Reg\HKLM\Run        SetecCertUtil                            C:\Programmer\SetWeb\SetWeb.exe                                                                   
Reg\HKLM\Run        TkBellExe                                "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot                                 
Reg\HKLM\Run        QuickTime Task                          "C:\Programmer\QuickTime\qttask.exe" -atboottime                                                   
Reg\HKLM\Run        8989918F8D938E97                        D2D2DAD8D6DCD7.exe                                                                                 
Reg\HKLM\Run        IpNetwork                                C:\Programmer\Network\ipnetwork.exe                                                               
Reg\HKLM\Run        [01]############################################################################################################################## C:\Documents and Settings\Bruger\Internet Optimizer\update\rogue.exe                               
Reg\HKLM\Run        TheMonitor                              C:\WINDOWS\CheckS02.exe                                                                           
Reg\HKLM\Run        win3208470-1798061                      C:\WINDOWS\win3208470-1798061.exe                                                                 
Reg\HKLM\Run        ms0661470-17980                          C:\WINDOWS\ms0661470-17980.exe                                                                     
Reg\HKLM\Run        ula0U                                    "C:\WINDOWS\system32\slk8x2peu.exe"                                                               
Reg\HKLM\Run        keyboard                                C:\\keyboard3.exe                                                                                 
Reg\HKLM\Run        mousepad                                C:\\mousepad3.exe                                                                                 
Reg\HKLM\Run        newname                                  C:\\newname3.exe                                                                                   
Reg\HKLM\Run        NewFrn                                  C:\WINDOWS\newfrn.exe                                                                             
Reg\HKLM\Run        Installed                                562                                                                                               
Reg\HKLM\Run        SurfSideKick 3                          C:\Programmer\SurfSideKick 3\Ssk.exe                                                               
Reg\HKCU\Run        CTFMON.EXE                              C:\WINDOWS\system32\ctfmon.exe                                                                     
Reg\HKCU\Run        EQArticle                                "C:\Programmer\EQArticle\EQArticle.exe"                                                           
Reg\HKCU\Run        SurfSideKick 3                          C:\Programmer\SurfSideKick 3\Ssk.exe                                                               
Reg\HKCU\Run        kzru                                    C:\PROGRA~1\FLLESF~1\kzru\kzrum.exe                                                               
Shell\CommonStartup  Microsoft Office.lnk                    C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk             
Shell\CommonStartup  Picture Package Menu.lnk                C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package Menu.lnk         
Shell\CommonStartup  Picture Package VCD Maker.lnk            C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package VCD Maker.lnk
Avatar billede arlet Juniormester
18. marts 2006 - 21:49 #11
Du skal nu til at i gang med at fixe:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\system32\icda0wpw5.dll

O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)

O4 - HKLM\..\Run: [8989918F8D938E97] D2D2DAD8D6DCD7.exe
O4 - HKLM\..\Run: [[01]##############################################################################################################################] C:\Documents and Settings\Bruger\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [Installed] 562
O4 - HKCU\..\Run: [kzru] C:\PROGRA~1\FLLESF~1\kzru\kzrum.exe

O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll



Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

Genstart og ny hijackthis log
Avatar billede Computer Hjælp (Gratis) Mester
18. marts 2006 - 21:50 #12
<anddk>: ... nu er jeg ret nysgerig... Ved du hvad du har haft 'gang i' ?
Siden at disse 'sjove' programmer (?) findes og startes på din putter:
C:\\keyboard3.exe     
C:\\mousepad3.exe
C:\\newname3.exe

Der er også andre 'sjove' elementer i din Log - <arlet> ska' nok guide dig videre ...
Avatar billede anddk Praktikant
18. marts 2006 - 22:16 #13
Så kommer der en nu log:

Logfile of HijackThis v1.99.1
Scan saved at 22:14:56, on 18-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\EQArticle\EQArticle.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Upgrader.exe
C:\Documents and Settings\Bruger\Skrivebord\_slet\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\SetWeb\SetWeb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Programmer\EQArticle\EQArticle.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba7fd605/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3321.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs302973000.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Avatar billede anddk Praktikant
18. marts 2006 - 22:18 #14
dr1 -> Nej, jeg ander ikke hvad det er for noget. Det er min fætteres pc "kloge jeg" lige skulle fixe.

Så snart man gik på nettet væltede det bare frem med popups. Forsøgte med spyboot og lidt andre ting inden jeg søgte hjælp her.

Antivirsu programmet Panda Antivirus Platinum 7 kommer iøvrigt også tit og side "update not successful, could not connect to the panda update server"
Avatar billede rexa Nybegynder
18. marts 2006 - 22:27 #15
er det orginal eller pirat ??
Avatar billede anddk Praktikant
18. marts 2006 - 23:22 #16
Alt software er orginal.
Avatar billede rexa Nybegynder
18. marts 2006 - 23:29 #17
ja men ved det er én standart fejl i pirat versionen :D
Avatar billede arlet Juniormester
19. marts 2006 - 08:00 #18
Fix i hijackthis

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll

O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe

O20 - AppInit_DLLs: repairs302973000.dll

Find og slet manuelt:

C:\Programmer\Network\ipnetwork.exe
C:\Programmer\SurfSideKick 3<- hele mappen

genstart og ny hijackthis log
Avatar billede anddk Praktikant
19. marts 2006 - 11:21 #19
Så har jeg gjort det. Kan ikke slette mappen SurfSideKick 3. Heller ikke fra fejlsikret tilstand og fra en kommandopromt. Det er noget med filerne er ibrug.

Kan se at det er kommet ind i logen igen ?

Logfile of HijackThis v1.99.1
Scan saved at 11:19:06, on 19-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SurfSideKick 3\Ssk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\EQArticle\EQArticle.exe
C:\Programmer\SurfSideKick 3\Ssk.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Bruger\Skrivebord\_slet\hjt.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Upgrader.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\SetWeb\SetWeb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Programmer\EQArticle\EQArticle.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba7fd605/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3321.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs302973000.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Avatar billede arlet Juniormester
19. marts 2006 - 11:48 #20
Gå i kontrolpanel og tilføj/fjern og slet SurfSideKick

derefter opstart i fejlsikret og slet mappen:
C:\Programmer\SurfSideKick 3

genstart normalt og ny hijackthis log..
Avatar billede anddk Praktikant
19. marts 2006 - 13:26 #21
Logfile of HijackThis v1.99.1
Scan saved at 13:24:57, on 19-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\EQArticle\EQArticle.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Upgrader.exe
C:\Documents and Settings\Bruger\Skrivebord\_slet\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Programmer\EQArticle\EQArticle.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba7fd605/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3321.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Avatar billede arlet Juniormester
19. marts 2006 - 17:06 #22
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan se her : www.arlet.dk/pakke.htm
Avatar billede anddk Praktikant
19. marts 2006 - 18:03 #23
Okay, 1000 tak for hjælpen.

Skønt at du gider det her.
Avatar billede rexa Nybegynder
19. marts 2006 - 18:55 #24
det er dejligt vi har folk som dem til at hjælpe os med vores problemer og de gør et kanon stykke arbejde og er sgu også glad for at der er nogen der gider lave noget gratis endnu en gang tak til jer
tror sgu også anddk er enig ;)
Avatar billede rexa Nybegynder
19. marts 2006 - 18:58 #25
btw har i set forskellen fra den 1. log til den sidste :D hvor meget der er væk hehe
Avatar billede anddk Praktikant
19. marts 2006 - 19:06 #26
Klart, jeg er helt enig :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:38 Netkort finder 5 forbindelser,bare ikke min, Af valby i Internetforbindelser
I går 12:52 Installation af Outlook Classic Af mort1 i E-mail programmer
I går 12:08 Alt ender i skyen Af mort1 i Windows
I går 11:38 Væk fra Microsoft Launcher på min Android Af mort1 i Apps til Android
I går 09:20 TEMU vil installeres på min Samsung S10 Af mort1 i Apps til Android
White papers
Flere white papers »