danonino (Beginner)
07 April 2006 - 21:49 There are 6 comments

Hijackthis log

My computer is running slowly, can anyone check my log?


Logfile of HijackThis v1.99.1
Scan saved at 21:45:50, on 07-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\khooker.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Apoint2K\HidFind.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Jetico\BestCrypt\BCResident.exe
C:\Programmer\Avast4\ashMaiSv.exe
C:\Programmer\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Packard Bell\Dokumenter\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sol.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Programmer\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmer\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
fromsej (Trainee)
08 April 2006 - 11:33 #1
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program and click Check for updates. Once it has updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard drive)
Move the selection to Perform complete scan and click Next; the scan then runs.

When it has finished, a window with a summary appears. Click OK, then click Next and then Finish.

A window with Quarantine and removal Complete appears. Click OK, then click Finish.
Close the program and restart normally.

Start the program again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log. It opens in Notepad; copy the result in here.

We also need to see a fresh HijackThis log.
danonino (Beginner)
08 April 2006 - 16:34 #2
Here is the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 04/08/2006 at 04:14 PM

Core Rules Database Version : 2856
Trace Rules Database Version: 1029

Memory threats detected  : 0
Registry threats detected : 100
File threats detected    : 59

Adware.Tracking Cookie
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@statse.webtrendslive[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@globalstat[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tacoda[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@atwola[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@indextools[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@belnk[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@realmedia[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@mediaplex[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@fastclick[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ad.yieldmanager[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ads.a8ww[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@1072392088[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@sextv[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@e2.emediate[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@cgi-bin[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@atdmt[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@advertising[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tradedoubler[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ehg-nokiafin.hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@counter3.sextracker[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@maxserving[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@dist.belnk[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@stats1.reliablestats[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@sextracker[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@doubleclick[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@cs.sexcounter[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@z1.adserver[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tribalfusion[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@media.fastclick[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@as1.falkag[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@hotbar[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@track.adform[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ehg-deltatre.hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@adopt.specificclick[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@statcounter[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@2o7[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@bluestreak[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@edge.ru4[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@adtech[2].txt

Adware.WhenU
    HKCR\WUSN.1
    HKCR\WUSN.1#WUSN_Id
    HKCR\ACM.ACMFactory
    HKCR\ACM.ACMFactory\CLSID
    HKCR\ACM.ACMFactory\CurVer
    HKCR\ACM.ACMFactory.1
    HKCR\ACM.ACMFactory.1\CLSID
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
    HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
    HKCR\AppId\ACM.DLL
    HKCR\AppId\ACM.DLL#AppID
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
    HKLM\Software\WhenUSave
    HKLM\Software\WhenUSave#db_script_update
    HKLM\Software\WhenUSave#InstallDir
    HKLM\Software\WhenUSave#pats_url
    HKLM\Software\WhenUSave#pat_chunks_url
    HKLM\Software\WhenUSave#script_url
    HKLM\Software\WhenUSave#update_url
    HKLM\Software\WhenUSave#ver_url
    HKLM\Software\WhenUSave#Version
    HKLM\Software\WhenUSave#timedDBUpdate_rs
    HKLM\Software\WhenUSave#extra_url
    HKLM\Software\WhenUSave#extraver_url
    HKLM\Software\WhenUSave#ziptomsa_url
    HKLM\Software\WhenUSave#InstallTime
    HKLM\Software\WhenUSave#LastPartner
    HKLM\Software\WhenUSave#zip
    HKLM\Software\WhenUSave#TotalPartner
    HKLM\Software\WhenUSave#newuser_rs
    HKLM\Software\WhenUSave#Partner
    HKLM\Software\WhenUSave#PartnerB
    HKLM\Software\WhenUSave#PartnerDesc
    HKLM\Software\WhenUSave#FullDBTime
    HKLM\Software\WhenUSave#brandskin_url
    HKLM\Software\WhenUSave#brandstrip_rs
    HKLM\Software\WhenUSave#brandstrip_url
    HKLM\Software\WhenUSave#bstat_rs
    HKLM\Software\WhenUSave#himp_url
    HKLM\Software\WhenUSave#iptomsa_url
    HKLM\Software\WhenUSave#maxPopups_rs
    HKLM\Software\WhenUSave#uninstalltag_rs
    HKLM\Software\WhenUSave#db_stamp_rs
    HKLM\Software\WhenUSave#db_server_update
    HKLM\Software\WhenUSave#MSA
    HKLM\Software\WhenUSave#HeartbeatTime
    HKLM\Software\WhenUSave#TotalPopup
    HKLM\Software\WhenUSave#IPToMsaTime_rs
    HKLM\Software\WhenUSave#db_local_update
    HKLM\Software\WhenUSave#SystemParam_rs
    HKLM\Software\WhenUSave#acm_rs
    HKLM\Software\WhenUSave#HeartbeatCount
    HKLM\Software\WhenUSave#UrlChangeCount
    HKLM\Software\WhenUSave#db_incomplete
    HKLM\Software\WhenUSave#IPToMsaFail_rs
    HKLM\Software\WhenUSave#db_fail_cnt
    HKLM\Software\WhenUSave#db_ver_update
    HKLM\Software\WhenUSave\Partners
    HKLM\Software\WhenUSave\Partners\EEPE
    HKLM\Software\WhenUSave\Partners\EEPE#Partner
    HKLM\Software\WhenUSave\Partners\EEPE#InstallTime
    HKLM\Software\WhenUSave\Partners\EEPE#PartnerDesc
    HKLM\Software\WhenUSave\Partners\EEPE#PartnerFile
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UrlInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UninstallString
    C:\Programmer\Save\ACM.dll
    C:\Programmer\Save\save.cch
    C:\Programmer\Save\save.db
    C:\Programmer\Save\save.htm
    C:\Programmer\Save\SaveUninst.exe
    C:\Programmer\Save\store.db
    C:\Programmer\Save
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About Save!.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About SaveNow.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About WhenU Save.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About WhenU SaveNow.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\WhenU.com Website.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU
    C:\Documents and Settings\Packard Bell\Lokale indstillinger\Temp\VVSNInst.exe

Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-18\Software\New.net
    C:\WINDOWS\NDNuninstall6_38.exe

BearShare File Sharing Client
    C:\Programmer\BearShare\BearShare.exe
    C:\Documents and Settings\All Users\Menuen Start\Programmer\BearShare.lnk
    C:\Documents and Settings\Packard Bell\Skrivebord\BearShare.lnk
    C:\WINDOWS\Prefetch\BEARSHARE.EXE-03D151AA.pf


And here is the "fresh" HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 16:32:37, on 08-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashServ.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\khooker.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Apoint2K\HidFind.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Avast4\ashMaiSv.exe
C:\Programmer\Avast4\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Jetico\BestCrypt\BCResident.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Packard Bell\Dokumenter\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sol.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Programmer\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmer\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
danonino (Beginner)
08 April 2006 - 17:28 #3
Here is the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 04/08/2006 at 04:14 PM

Core Rules Database Version : 2856
Trace Rules Database Version: 1029

Memory threats detected  : 0
Registry threats detected : 100
File threats detected    : 59

Adware.Tracking Cookie
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@statse.webtrendslive[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@globalstat[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tacoda[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@atwola[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@indextools[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@belnk[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@realmedia[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@mediaplex[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@fastclick[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ad.yieldmanager[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ads.a8ww[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@1072392088[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@sextv[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@e2.emediate[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@cgi-bin[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@atdmt[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@advertising[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tradedoubler[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ehg-nokiafin.hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@counter3.sextracker[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@maxserving[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@dist.belnk[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@stats1.reliablestats[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@sextracker[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@doubleclick[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@cs.sexcounter[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@z1.adserver[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@tribalfusion[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@media.fastclick[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@as1.falkag[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@hotbar[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@track.adform[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@ehg-deltatre.hitbox[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@adopt.specificclick[2].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@statcounter[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@2o7[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@bluestreak[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@edge.ru4[1].txt
    C:\Documents and Settings\Packard Bell\Cookies\packard bell@adtech[2].txt

Adware.WhenU
    HKCR\WUSN.1
    HKCR\WUSN.1#WUSN_Id
    HKCR\ACM.ACMFactory
    HKCR\ACM.ACMFactory\CLSID
    HKCR\ACM.ACMFactory\CurVer
    HKCR\ACM.ACMFactory.1
    HKCR\ACM.ACMFactory.1\CLSID
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
    HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
    HKCR\AppId\ACM.DLL
    HKCR\AppId\ACM.DLL#AppID
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
    HKLM\Software\WhenUSave
    HKLM\Software\WhenUSave#db_script_update
    HKLM\Software\WhenUSave#InstallDir
    HKLM\Software\WhenUSave#pats_url
    HKLM\Software\WhenUSave#pat_chunks_url
    HKLM\Software\WhenUSave#script_url
    HKLM\Software\WhenUSave#update_url
    HKLM\Software\WhenUSave#ver_url
    HKLM\Software\WhenUSave#Version
    HKLM\Software\WhenUSave#timedDBUpdate_rs
    HKLM\Software\WhenUSave#extra_url
    HKLM\Software\WhenUSave#extraver_url
    HKLM\Software\WhenUSave#ziptomsa_url
    HKLM\Software\WhenUSave#InstallTime
    HKLM\Software\WhenUSave#LastPartner
    HKLM\Software\WhenUSave#zip
    HKLM\Software\WhenUSave#TotalPartner
    HKLM\Software\WhenUSave#newuser_rs
    HKLM\Software\WhenUSave#Partner
    HKLM\Software\WhenUSave#PartnerB
    HKLM\Software\WhenUSave#PartnerDesc
    HKLM\Software\WhenUSave#FullDBTime
    HKLM\Software\WhenUSave#brandskin_url
    HKLM\Software\WhenUSave#brandstrip_rs
    HKLM\Software\WhenUSave#brandstrip_url
    HKLM\Software\WhenUSave#bstat_rs
    HKLM\Software\WhenUSave#himp_url
    HKLM\Software\WhenUSave#iptomsa_url
    HKLM\Software\WhenUSave#maxPopups_rs
    HKLM\Software\WhenUSave#uninstalltag_rs
    HKLM\Software\WhenUSave#db_stamp_rs
    HKLM\Software\WhenUSave#db_server_update
    HKLM\Software\WhenUSave#MSA
    HKLM\Software\WhenUSave#HeartbeatTime
    HKLM\Software\WhenUSave#TotalPopup
    HKLM\Software\WhenUSave#IPToMsaTime_rs
    HKLM\Software\WhenUSave#db_local_update
    HKLM\Software\WhenUSave#SystemParam_rs
    HKLM\Software\WhenUSave#acm_rs
    HKLM\Software\WhenUSave#HeartbeatCount
    HKLM\Software\WhenUSave#UrlChangeCount
    HKLM\Software\WhenUSave#db_incomplete
    HKLM\Software\WhenUSave#IPToMsaFail_rs
    HKLM\Software\WhenUSave#db_fail_cnt
    HKLM\Software\WhenUSave#db_ver_update
    HKLM\Software\WhenUSave\Partners
    HKLM\Software\WhenUSave\Partners\EEPE
    HKLM\Software\WhenUSave\Partners\EEPE#Partner
    HKLM\Software\WhenUSave\Partners\EEPE#InstallTime
    HKLM\Software\WhenUSave\Partners\EEPE#PartnerDesc
    HKLM\Software\WhenUSave\Partners\EEPE#PartnerFile
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UrlInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UninstallString
    C:\Programmer\Save\ACM.dll
    C:\Programmer\Save\save.cch
    C:\Programmer\Save\save.db
    C:\Programmer\Save\save.htm
    C:\Programmer\Save\SaveUninst.exe
    C:\Programmer\Save\store.db
    C:\Programmer\Save
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About Save!.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About SaveNow.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About WhenU Save.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\Learn More About WhenU SaveNow.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU\WhenU.com Website.url
    C:\Documents and Settings\Packard Bell\Menuen Start\Programmer\WhenU
    C:\Documents and Settings\Packard Bell\Lokale indstillinger\Temp\VVSNInst.exe

Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-18\Software\New.net
    C:\WINDOWS\NDNuninstall6_38.exe

BearShare File Sharing Client
    C:\Programmer\BearShare\BearShare.exe
    C:\Documents and Settings\All Users\Menuen Start\Programmer\BearShare.lnk
    C:\Documents and Settings\Packard Bell\Skrivebord\BearShare.lnk
    C:\WINDOWS\Prefetch\BEARSHARE.EXE-03D151AA.pf





And here is the "fresh" HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 16:32:37, on 08-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashServ.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\khooker.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Apoint2K\HidFind.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Avast4\ashMaiSv.exe
C:\Programmer\Avast4\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Jetico\BestCrypt\BCResident.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Packard Bell\Dokumenter\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sol.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Programmer\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmer\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
fromsej (Praktikant)
08 April 2006 - 19:41 #4
Download this scanner and save it to the desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Read this guide through carefully.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in Safe Mode (press <F8> during startup), and delete the folders and files listed further down.

R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"

---------------------------------------
Did you block Regedit yourself? If not, these two must also be fixed:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
---------------------------------------
Deleting \folders\ and files:
Open Windows Explorer, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change files and folders search behavior".
Select "Advanced" and click OK.
Click "All files and folders".
Click "More advanced options".
Tick the top three.
-------------------
Folders:
C:\Programmer\Save\
-------------------
Files:
C:\WINDOWS\system32\winmgd.win
C:\WINDOWS\system32\mouse_configurator.win
---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, and you say yes to that.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here every item under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with:
Scan statistics.
---------------------------------------
Restart normally and post a fresh HijackThis log.
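As an added example (not part of the original post and not HijackThis's own code), the Python code below parses HijackThis entry lines and flags the structural patterns the reply above selects for fixing: a system.ini Shell= value that loads more than Explorer.exe, a win.ini run=/load= autostart, registrations marked "(no file)", and the DisableRegedit policy. The function names and the rule set are assumptions made for illustration; entries such as WhenUSave are judged by name and fall outside these rules.

```python
import re

# Entries copied from the HijackThis log posted in this thread (shortened set).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\khooker.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sol.dk/
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: hplun.dll
"""

# An entry line is "<section code> - <body>", e.g. "F0 - system.ini: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log):
    """Yield (code, body) per entry; headers and process paths are skipped."""
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")

def review_reasons(code, body):
    """Return the reasons an entry deserves manual review (hypothetical rule set)."""
    reasons = []
    if code == "F0" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            reasons.append("system.ini Shell= loads more than Explorer.exe")
    if code == "F1" and re.search(r"\b(run|load)=\S", body):
        reasons.append("win.ini run=/load= starts a program at logon")
    if code == "O7" and "DisableRegedit=1" in body:
        reasons.append("Regedit is disabled by policy; confirm the owner set it")
    if body.endswith("(no file)"):
        reasons.append("registration left behind with no file on disk")
    return reasons

def triage(log):
    """Return (code, body, reasons) for every entry that matched a rule."""
    return [(c, b, r) for c, b in parse_entries(log) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

A flag here means "look at this line", not "remove it"; the decision still rests on knowing what the referenced file or setting is.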
08 April 2006 - 21:17 #5
<fromsej>: GoSub http://www.eksperten.dk/spm/701295 - there are elements that I have not seen before...
fromsej (Praktikant)
08 April 2006 - 22:42 #6
Have been there now. *S*