luthski Beginner
7 August 2006 - 13:29 There are 5 comments and 1 solution

Spyware problem

My computer has suddenly become very unstable. Is it spyware?
I keep getting this message from PC-cillin.

Denied Access.
.
Incident name: C:\WINDOWS\system32\svchost.dll
Detection name: ADW_PURITYSCA.Y
User name: Morten
Note: If Search for and clean Trojans is turned on and executed after scanning, click Next to view the final action taken.

Is that the culprit?

These two files have placed themselves on the C drive and are trying to access the internet. I cannot delete them:
kybrdff_8
dfndrff_8

I have this log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:21:39, on 07-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\MSI\Live Update 3\LMonitor.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Electronic Arts\EA Downloader\Core.exe
C:\WINDOWS\system32\ICROSO~1\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\S?mantec\l?ass.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Morten\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pol.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Programmer\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [MultiRes] C:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] C:\Programmer\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Rsou] "C:\WINDOWS\system32\ICROSO~1\regsvr32.exe" -vt yazr
O4 - HKCU\..\Run: [Yrvgce] C:\WINDOWS\S?mantec\l?ass.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139144361734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\svchost.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Is there anyone who can help me?

ejvindh Expert
7 August 2006 - 13:41 #1
I'll take a look at it :-)

ejvindh Expert
7 August 2006 - 13:50 #2
-- Download "SuperAntiSpyware free" from here:
http://www.spywarefri.dk/downloads1.htm
Install it and update the scanner, but wait before scanning.

You will find a full guide to SuperAntiSpyware here:
http://www.spywarefri.dk/manualer/superantispyware-manual.htm

-- Go to Control Panel - Add/Remove Programs and see whether you are allowed to uninstall the following programs:
PuritySCAN By OIN
OIN
OuterInfo
(or similar)

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKCU\..\Run: [Rsou] "C:\WINDOWS\system32\ICROSO~1\regsvr32.exe" -vt yazr
O4 - HKCU\..\Run: [Yrvgce] C:\WINDOWS\S?mantec\l?ass.exe
O20 - AppInit_DLLs:  C:\WINDOWS\system32\svchost.dll

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- You are now going to delete things. To prepare for that, you need to turn on "extended file view":
Open a folder and click Tools => Folder Options => View (Funktioner => Mappeindstillinger => Vis).
Untick "Hide protected operating system files" ("Skjul beskyttede operativsystemfiler").
Untick "Hide extensions for known file types" ("Skjul filtypenavne for kendte filtyper").
Select "Show hidden files and folders" ("Vis skjulte filer og mapper").

-- Then delete the following (if you can find them):
Folders:
C:\WINDOWS\system32\ICROSO~1\ (>>>>>>>> note that the name of this folder is slightly abbreviated)
C:\WINDOWS\S?mantec\

Files:
C:\WINDOWS\system32\svchost.dll

-- Start SuperAntiSpyware, click "Scan your computer", and tick your drives on the left side of the window. On the right side of the window, select "Perform Complete Scan". Click "Next" and it will start scanning. When it has finished, select what it found and let the scanner remove it.

-- Restart into normal mode. Open the SuperAntiSpyware scanner again and click "Preferences" -> "Statistics/Logs". Select the log and click "View log". Copy the log into this thread, together with a new HijackThis log.
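
Added example (not part of the original posts and not HijackThis code): a small Python triage pass over lines taken from the first log, flagging hosts-file redirects, AppInit_DLLs values and suspicious Run-key paths, which covers several of the entries selected for fixing above. The heuristics, the list of system binary names and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pol.dk/
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rsou] "C:\WINDOWS\system32\ICROSO~1\regsvr32.exe" -vt yazr
O4 - HKCU\..\Run: [Yrvgce] C:\WINDOWS\S?mantec\l?ass.exe
O20 - AppInit_DLLs:  C:\WINDOWS\system32\svchost.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: Windows binaries that normally sit directly in system32.
SYSTEM32_BINARIES = {"regsvr32.exe", "svchost.exe", "lsass.exe",
                     "services.exe", "winlogon.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # "O4 - <body>"
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


class Finding(NamedTuple):
    code: str      # HijackThis section code, e.g. "O4"
    reason: str    # why the heuristic fired
    line: str      # the original log line


def check_entry(line: str) -> Optional[Finding]:
    """Apply the three heuristics to one log line; None means not flagged."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()

    # O1: a hosts-file line that points a name at a non-loopback address.
    if code == "O1" and body.startswith("Hosts:"):
        parts = body[len("Hosts:"):].split()
        if len(parts) >= 2 and not parts[0].startswith("127."):
            return Finding(code, f"hosts file redirects {parts[1]} to {parts[0]}", line)

    # O20: AppInit_DLLs are loaded into every process that loads user32.dll,
    # so any value here deserves a manual look.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding(code, f"AppInit_DLLs loads {value}", line)

    # O4: autostart entries with an unrenderable character in the path, or a
    # system binary name started from somewhere other than system32.
    if code == "O4":
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(1)
            directory, _, name = path.lower().rpartition("\\")
            if "?" in path:
                return Finding(code, f"'?' in autostart path {path}", line)
            if name in SYSTEM32_BINARIES and directory != SYSTEM32_DIR:
                return Finding(code, f"{name} started from {directory}", line)
    return None


def analyze(log_text: str) -> list:
    """Return the findings for every line of a HijackThis log, in log order."""
    results = (check_entry(line) for line in log_text.splitlines())
    return [f for f in results if f is not None]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}")
```

A flagged line is a prompt for manual review, not a verdict; entries with no full path, such as `SOUNDMAN.EXE`, are not evaluated by these heuristics.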

luthski Beginner
7 August 2006 - 14:35 #3
SUPERAntiSpyware Scan Log
Generated 08/07/2006 at 02:26 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1097

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 84

Adware.Tracking Cookie
    C:\Documents and Settings\Morten\Cookies\morten@ad1.emediate[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.ht-fedstats[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@yieldmanager[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@globalstat[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@aa[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@mb[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@europcar[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@advert.travlang[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@image.masterstats[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@doubleclick[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@dcsi583rp10000oevcqz9y4us_6l6d[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@cgi-bin[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@burstnet[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ad.zanox[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@hits.clickandtrack[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.incentaclick[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.perfion[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@hertz.122.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@stat.dealtime[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@clicktorrent[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@1071266048[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ad1.emediate[3].txt
    C:\Documents and Settings\Morten\Cookies\morten@atdmt[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.hatstats[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@dealtime[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@indextools[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.mininova[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@mediaplex[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.searchextreme[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ad.yieldmanager[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.realcastmedia[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@e2.emediate[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@revsci[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@tacoda[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@hmt.connexpromotions[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@mb[3].txt
    C:\Documents and Settings\Morten\Cookies\morten@banner.prestigecasino[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@cneteurope.122.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@track.adform[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.clicktorrent[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@307[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@adtech[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.dvd-sexpress[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@clicksor[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@a[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@indexstats[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@stats.gamestop[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@hit.stat[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@maxim.122.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@partypoker[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.as4x.tmcs[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@m1.webstats4u[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@phpmv2[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@fixionmedia[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@resaweb[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@adfair[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@web-stat[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@acecounter[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@1071793501[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@stats1.reliablestats[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.pitchforkmedia[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@stat.postdanmark[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@tradedoubler[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.webstat[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@premiumtv.122.2o7[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@ads.itv[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@postclicktracking[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@danmark.hatstats[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@cgi-bin[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@admarketplace[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@www.burstnet[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@1069771471[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@cgi-bin[3].txt
    C:\Documents and Settings\Morten\Cookies\morten@ad.adocean[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@adbrite[2].txt
    C:\Documents and Settings\Morten\Cookies\morten@1071716841[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@43035569[1].txt
    C:\Documents and Settings\Morten\Cookies\morten@europcar-com[1].txt

Trojan.DollarRevenue
    C:\WINDOWS\keyboard1.dat

Adware.NicTech Networks
    C:\Documents and Settings\Morten\Lokale indstillinger\Temporary Internet Files\Content.IE5\NBT3VP4S\Installer[1].exe

Logfile of HijackThis v1.99.1
Scan saved at 14:33:23, on 07-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Electronic Arts\EA Downloader\Core.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Morten\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pol.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MultiRes] C:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Programmer\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] C:\Programmer\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139144361734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

ejvindh Expert
7 August 2006 - 14:38 #4
So the log came out clean. :-)

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clear out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a recurrence, I recommend that you install a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read this article on how to avoid being infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

luthski Beginner
7 August 2006 - 14:46 #5
Thank you very much for the help

ejvindh Expert
7 August 2006 - 14:46 #6
You're welcome :-)