platapus (Beginner)
03 April 2006 - 18:11. There are 18 comments and 1 solution

Spyware removal

Hi everyone,
My parents' computer has become quite heavily infected with spyware, so I have promised to help them clean up the mess. But I'm no great expert at reading the HijackThis log file, so I don't quite know what to delete and what to leave alone, and that is where I hope you can help.
The log file follows.

Logfile of HijackThis v1.99.1
Scan saved at 18:07:58, on 03-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\cmpbk320.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\WINDOWS\System32\cdm48228.exe
C:\WINDOWS\System32\vidmon\vidmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\Steam\Steam.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jonas\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [53be52fdf4f6] C:\WINDOWS\System32\cmpbk320.exe
O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bruger\LOKALE~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [57785ea35bd8] C:\WINDOWS\System32\cdm48228.exe
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /min
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
platapus (Beginner)
03 April 2006 - 18:12 #1
I can add that, among other things, it starts up with ErrorSafe, which, as far as I have read on the net, I understand is spyware.

One last thing: what should be installed once the computer has been cleaned, to make sure it doesn't come back?
hundevennen (Beginner)
03 April 2006 - 18:26 #2
fromsej (Trainee)
03 April 2006 - 18:29 #3
That one is really bad.
Let's see what a couple of scanners can do about it.
Run the two scanners from this article:
http://www.eksperten.dk/artikler/755

When that is done:
Download and install this scanner:
http://www.superantispyware.com/superantispywarefreevspro.html

Start the program, click Check for updates; when it has updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard drive)
Move the radio button to Perform complete scan and click Næste (Next), and the scan will run.

When it has finished, a window with a summary appears; click OK, then click Næste (Next) and then Udfør (Finish).

A window appears with Quarantine and removal Complete; click OK, then click Udfør (Finish).
Close the program and restart normally.

Start the program again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.

We also need to see a fresh HijackThis log.
platapus (Beginner)
03 April 2006 - 18:36 #4
Should I follow the guide for the first two scanners (Dr.Web and ewido), that is, run them in safe mode, and copy the .log files in here as well?
fromsej (Trainee)
03 April 2006 - 18:58 #5
Yes. *S*
fromsej (Trainee)
03 April 2006 - 18:59 #6
Regarding Dr.Web, only the very bottom of the log.
platapus (Beginner)
03 April 2006 - 22:44 #7
So, at long last, here come some .log files...

Dr.Web:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 101632
Infected objects found: 12
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 27
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 1
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 12
Objects renamed: 28
Objects moved: 0
Objects ignored: 0
Scan speed: 664 Kb/s
Scan time: 01:03:08
platapus (Beginner)
03 April 2006 - 22:44 #8
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            21:57:04, 03-04-2006
+ Rapport-Checksum:        BC9A21F6

+ Scanningsresultat:
    HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Adware.Delfin : Renset med backup
    HKLM\SOFTWARE\Dsi -> Adware.Delfin : Renset med backup
    HKLM\SOFTWARE\Dvx -> Adware.Delfin : Renset med backup
    HKLM\SOFTWARE\kirum -> Adware.Delfin : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavHelper -> Adware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdControl -> Adware.BlazeFind : Renset med backup
    HKLM\SOFTWARE\NavExcel -> Adware.NavExcel : Renset med backup
    HKLM\SOFTWARE\NavExcel\NavHelper -> Adware.NavExcel : Renset med backup
    HKLM\SOFTWARE\NavExcel\NavHelper\v2.0.4c -> Adware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Windows AdControl -> Adware.BlazeFind : Renset med backup
    HKU\S-1-5-21-325571979-483353174-3568005617-1009\Software\Dvx -> Adware.Delfin : Renset med backup
    HKU\S-1-5-21-325571979-483353174-3568005617-1009\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@spylog[1].txt -> TrackingCookie.Spylog : Renset med backup
    C:\Documents and Settings\Bruger\Cookies\bruger@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Bruger\Cookies\bruger@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Renset med backup
    C:\Documents and Settings\Joan\Cookies\joan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Joan\Cookies\joan@advertising[1].txt -> TrackingCookie.Advertising : Renset med backup
    C:\Documents and Settings\Joan\Cookies\joan@servedby.advertising[1].txt -> TrackingCookie.Advertising : Renset med backup
    C:\Documents and Settings\Jonas\Cookies\jonas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Jonas\Cookies\jonas@com[1].txt -> TrackingCookie.Com : Renset med backup
    C:\Documents and Settings\Lise\Cookies\lise@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Lise\Cookies\lise@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Program Files\Windows AdControl\WinAdCtl.#xe -> Adware.WinAD : Renset med backup
    C:\Program Files\Windows AdControl\WinAdShift.#ll -> Adware.WinAD : Renset med backup
    C:\Programmer\MaxSpeed -> Adware.SideFind : Renset med backup
    C:\Programmer\NavExcel\NavHelper\v2.0.4c\NHelper.#ll -> Adware.NavExcel : Renset med backup
    C:\Programmer\NavExcel\NavHelper\v2.0.4c\NHUninstaller.#xe -> Adware.NavExcel : Renset med backup
    C:\Programmer\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab/NHelper.dll -> Adware.NavExcel : Renset med backup
    C:\Programmer\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe -> Adware.NavExcel : Renset med backup
    C:\Programmer\Orange Audio\WAV - MP3 Converter Encoder\ezab.#xe -> Adware.EZula : Renset med backup
    C:\temp\FLEOK\salm.#xe -> Adware.180Solutions : Renset med backup
    C:\temp\NCasePackage.#xe -> Dropper.180Solutions.a : Renset med backup
    C:\temp\sahagent-cdt1003.#xe -> Adware.Sahat : Renset med backup
    C:\temp\salmhook.#ll -> Adware.180Solutions : Renset med backup
    C:\WINDOWS\AdRoar.#ll -> Downloader.Adroar : Renset med backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.#ll -> Not-A-Virus.Downloader.Win32.PopCap.b : Renset med backup
    C:\WINDOWS\system32\apcups65.#xe -> Adware.UrlSpy : Renset med backup
    C:\WINDOWS\system32\batmeter.#xe -> Adware.UrlSpy : Renset med backup
    C:\WINDOWS\system32\cmpbk320.#xe -> Adware.IEDriver : Renset med backup
    C:\WINDOWS\system32\wsxsvc\wsx.#cx -> Adware.DelphinMediaViewer : Renset med backup
    C:\WINDOWS\system32\wsxsvc\wsx.#ll -> Adware.DelphinMediaViewer : Renset med backup
    C:\WINDOWS\system32\wsxsvc\wsxsvc.#xe -> Adware.DelphinMediaViewer : Renset med backup


::Rapport slut
platapus (Beginner)
03 April 2006 - 22:45 #9
SUPERAntiSpyware Scan Log
Generated 04/03/2006 at 10:37 PM

Core Rules Database Version : 2843
Trace Rules Database Version: 1026

Memory threats detected  : 0
Registry threats detected : 106
File threats detected    : 56

Windows AdControl WINADCTL.EXE
    [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\WINDOWS\Prefetch\WINADCTL.EXE-36E40B41.pf

Adware.MySearch Toolbar
    HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32
    C:\PROGRA~1\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

My Way Search Assistant BHO
    HKLM\Software\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
    HKCR\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
    HKCR\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
    HKCR\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}\InprocServer32
    HKCR\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}\InprocServer32#ThreadingModel
    HKCR\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}\Programmable
    C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
    C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.#LL

AdRoar Module Toolbar
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}

Adware.Tracking Cookie

Trojan.Error Safe Free

Trojan.WinFixer 2006

Placeholder.Registry Cleaner Trial
    HKCR\Install.Install
    HKCR\Install.Install\CLSID
    HKCR\Install.Install\CurVer
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll

Trojan.Spyware Stormer
platapus (Beginner)
03 April 2006 - 22:45 #10
Logfile of HijackThis v1.99.1
Scan saved at 22:43:13, on 03-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmer\Steam\Steam.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jonas\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bruger\LOKALE~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
fromsej (Trainee)
04 April 2006 - 18:07 #11
Those scanners certainly did something about it.
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bruger\LOKALE~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


---------------------------------------
Deleting \folders\ and files:
Open Windows Explorer, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
-------------------
Folders:
C:\Programmer\MyWay\
C:\Programmer\Error Safe Free\
C:\Documents and settings\Bruger\Lokale indstillinger\Temp\ << Empty the folder.
-------------------
Files:
<None>
---------------------------------------
Restart normally and post a fresh HijackThis log.
platapus (Beginner)
4 April 2006 - 19:21 #12
I won't get a chance to do it until Thursday, so I hope you'll be able to help then, when I post a new hijack log. Many thanks for now.
fromsej (Trainee)
4 April 2006 - 23:09 #13
I'll be there. *S*
platapus (Beginner)
6 April 2006 - 17:02 #14
Logfile of HijackThis v1.99.1
Scan saved at 17:00:47, on 06-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Steam\Steam.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jonas\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
fromsej (Trainee)
6 April 2006 - 17:50 #15
Hmm, I wonder whether the optician takes glasses back?
Unfortunately I overlooked one. :-(

Run HijackThis again and fix:
O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe

Restart in Safe Mode and delete:
C:\WINDOWS\exiz.exe

Restart normally and that should be it, but let's see one last HijackThis log just to be safe.
platapus (Beginner)
6 April 2006 - 18:04 #16
Logfile of HijackThis v1.99.1
Scan saved at 18:04:09, on 06-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Jonas\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
fromsej (Trainee)
6 April 2006 - 19:16 #17
Your log is clean now; we don't need to see any more.
You should disable System Restore, restart, and re-enable it, and set the file view back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean, you can take a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards,
Fromsej/Team Spywarefri.
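The check this thread does by eye (fix the listed lines, post a fresh log, confirm they are gone) can be done mechanically. The Python below is an added example, not part of the original posts: the two log excerpts are a constructed sample made of lines from the logs in posts #14 and #16, and the names `parse_entries` and `verify_fix` are assumptions.

```python
import re

# Constructed sample: a few entry lines copied from the logs in posts #14 and #16.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe
O4 - HKCU\..\Run: [Steam] "D:\Programmer\Steam\Steam.exe" -silent
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# The line the helper asked to have fixed in post #15.
FIX_LIST = r"O4 - HKLM\..\Run: [exiz] C:\WINDOWS\exiz.exe"

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the log's entry lines as a set of (section, detail) pairs.

    Header and process lines are skipped; detail is lower-cased because
    Windows paths and registry names are case-insensitive.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), " ".join(match.group(2).split()).lower()))
    return entries

def verify_fix(before, after, fix_list):
    """Compare two scans and report what happened to the lines in fix_list."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        "still_present": sorted(f & a),             # fix did not stick
        "removed": sorted(b - a),                   # everything gone since last scan
        "unexpected_removed": sorted((b - a) - f),  # gone, but not on the fix list
        "new": sorted(a - b),                       # appeared after the reboot
    }
```

On the sample, `still_present` is empty, and `unexpected_removed` shows the Steam Run entry, which is absent from the last log in the thread although it was never on a fix list.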
platapus (Beginner)
6 April 2006 - 19:23 #18
Many thanks for the help, that's just great.
fromsej (Trainee)
6 April 2006 - 19:45 #19
You're welcome, thanks for the points. :-)