neostar (Beginner)
12 September 2006 - 19:07 There are 29 comments and 1 solution

My system needs a thorough cleanup..

Hey..
After my firewall and antivirus broke, hundreds of viruses and spyware have poured into my computer, and it behaves very strangely and comes up with fatal errors..

So I have made a HijackThis log and hope someone can help me get rid of the beasts! :D

Logfile of HijackThis v1.99.1
Scan saved at 19:06:56, on 12-09-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Application Data\e9c56899.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybeakdrwggel.net/RF/5wXpxmD2OO8iNC//bdoO7l7evp0i2XaS9TSTUgWvnZVubIBm/6jzCexN65npu.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [svc] rundll32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e9c56899.exe] C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Application Data\e9c56899.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/206/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137933435218
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grempf1000.dyndns.org:10002/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
neostar (Beginner)
12 September 2006 - 19:08 #1
And I would also be very glad if someone would find some links to a good free firewall, antivirus, and something to remove spyware and pop-up ads with..
Thanks in advance..
grohnheit (Beginner)
12 September 2006 - 19:14 #2
Now, I don't know much about HijackThis logs, but I can see you are "only" using SP1.

SP2 has MANY improvements with regard to security; among other things, it comes with a firewall.
neostar (Beginner)
12 September 2006 - 19:19 #3
I'll buy that soon too..
But can anyone help me clean up my system in the meantime..
fromsej (Trainee)
12 September 2006 - 19:22 #4
Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will try to remove Vundo. When it is done, the tool will ask for permission to restart the computer. You must accept that.

Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that VundoFix, on the first scan, finds a file that it cannot remove at first. VundoFix will then restart and continue after the restart. If this happens, just follow the instructions above after the restart (starting with "Click the Scan for Vundo button").
neostar (Beginner)
12 September 2006 - 19:25 #5
OK, I'll just try that.. can't you be kind and give a bunch of links to programs that can remove viruses.. it also says something about trojans etc.
grohnheit (Beginner)
12 September 2006 - 19:26 #6
neostar: SP2 can be downloaded quite legally and for free. http://www.hcma.dk/tips1to10.htm#no10
fromsej (Trainee)
12 September 2006 - 19:27 #7
Yes, but let's get Vundo removed first.*S*
You must not install SP2 yet, not until the machine is clean.
neostar (Beginner)
12 September 2006 - 19:27 #8
OK.. I will try that after I have cleaned up..
neostar (Beginner)
12 September 2006 - 19:29 #9
OK.. I'll write when I have run that VundoFix through..
neostar (Beginner)
12 September 2006 - 19:42 #10
VundoFix has now run through, what now??
fromsej (Trainee)
12 September 2006 - 20:02 #11
Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt
neostar (Beginner)
12 September 2006 - 20:23 #12
Logfile of HijackThis v1.99.1
Scan saved at 20:22:55, on 12-09-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\e9c56899.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybeakdrwggel.net/RF/5wXpxmD2OO8iNC//bdoO7l7evp0i2XaS9TSTUgWvnZVubIBm/6jzCexN65npu.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EDC228B-5B2D-4121-9E4F-48F01FF7B01C} - C:\WINDOWS\System32\geedb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [svc] rundll32.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e9c56899.exe] C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Application Data\e9c56899.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/206/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158081766343
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grempf1000.dyndns.org:10002/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
neostar (Beginner)
12 September 2006 - 20:24 #13
undoFix V6.1.5

Checking Java version...

Sun Java not detected
Scan started at 19:26:03 12-09-2006

Listing files found while scanning....

C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\system32\tuvwuvs.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwuvs.dll
C:\WINDOWS\system32\tuvwuvs.dll Has been deleted!

Attempting to delete C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll Could not be deleted.

Attempting to delete C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Sun Java not detected
Scan started at 19:33:47 12-09-2006

Listing files found while scanning....

C:\WINDOWS\system32\geedb.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\services.dll Has been deleted!

Attempting to delete C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe
C:\Programmer\Fælles filer\{B0A2A2E9-095E-1030-0506-03040423002d}\Update.exe Has been deleted!

Performing Repairs to the registry.
Done!
fromsej (Trainee)
12 September 2006 - 20:35 #14
That cleaned up the beast nicely.*S*

Download and save this scanner to the desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in Safe Mode (press <F8> during startup), and delete the folders and files listed further down.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybeakdrwggel.net/RF/5wXpxmD2OO8iNC//bdoO7l7evp0i2XaS9TSTUgWvnZVubIBm/6jzCexN65npu.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0EDC228B-5B2D-4121-9E4F-48F01FF7B01C} - C:\WINDOWS\System32\geedb.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O4 - HKLM\..\Run: [svc] rundll32.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [svc] rundll32.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll (file missing)

---------------------------------------
Deleting \folders\ and files:
Open Windows Explorer, click Tools=>Folder Options=>View.
Remove the tick at "Hide protected operating system files".
Remove the tick at "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change files and folders search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
<None>
-------------------
Files:
C:\WINDOWS\System32\ixt0.dll
C:\WINDOWS\System32\e9c56899.exe
---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, which you accept.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and remove the tick at Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show it/they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
When the scan is finished, go to File and press Save Report list.
There will then be a file called "drweb.csv" on the desktop.
Close the program.
---------------------------------------
Restart normally and post a fresh HijackThis log; double-click drweb.csv and copy the text from it in here.
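Added example, not part of the thread and not code from HijackThis: a small Python check that compares a list of entries marked for "Fix checked" with a fresh HijackThis log and reports which of them are still present. The function names are assumptions for illustration; the sample lines are excerpts copied from the fix list in #14 and from the log posted in #17.

```python
import re

# A HijackThis entry line is "<section> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis appends when the referenced file is not found on disk
# or when no file is registered for the entry.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return [(section, body), ...] for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def entry_key(section, body):
    """Comparison key: same entry with or without a missing-file marker."""
    return section, MISSING_RE.sub("", body).casefold()


def remaining_after_fix(fix_list_text, later_log_text):
    """Entries from the fix list that still show up in the later log."""
    later = {entry_key(s, b): b for s, b in parse_entries(later_log_text)}
    remaining, seen = [], set()
    for section, body in parse_entries(fix_list_text):
        key = entry_key(section, body)
        if key in seen:          # fix lists are often pasted with duplicates
            continue
        seen.add(key)
        if key in later:
            remaining.append((section, later[key]))
    return remaining


def orphaned(log_text):
    """Entries whose registry data survives although the file is gone."""
    return [(s, b) for s, b in parse_entries(log_text) if MISSING_RE.search(b)]


# Excerpt of the fix list in #14 (copied from the thread, one duplicate kept).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O4 - HKLM\..\Run: [svc] rundll32.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
"""

# Excerpt of the log posted in #17 (copied from the thread).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
"""

if __name__ == "__main__":
    print("Still present after the fix:")
    for section, body in remaining_after_fix(FIX_LIST, LATER_LOG):
        print(f"  {section} - {body}")
    print("Registry entries pointing at missing files:")
    for section, body in orphaned(LATER_LOG):
        print(f"  {section} - {body}")
```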
neostar (Beginner)
12 September 2006 - 21:14 #15
I'm almost done..
frankeeh (Beginner)
13 September 2006 - 09:33 #16
You should just download NOD32... it is a really good antivirus.. then scan for viruses with it...
neostar (Beginner)
13 September 2006 - 17:33 #17
issearch.exe    C:\WINDOWS\System32    Trojan.DownLoader.12713    Deleted.
e9c56899.exe    C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Application Data    Trojan.Popuper    Deleted.
winantiviruspro2006freeinstall[1].exe    C:\Documents and Settings\Martin Nissen\Application Data    Trojan.DownLoader.10963    Deleted.
temp.frD172    C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp    Trojan.Popuper    Deleted.
win19.tmp.exe    C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp    Trojan.Popuper    Deleted.
UERSK_0001_N68M2202NetInstaller.exe    C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\ICD1.tmp    Trojan.DownLoader.6550    Deleted.
UERSK_0001_N91M2407NetInstaller.exe    C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\ICD2.tmp    Trojan.DownLoader.10963    Deleted.
mirc___0.#xe    C:\Program Files\mIRC    Program.mIRC.61    Renamed.
npclntax.dll    C:\Programmer\Mozilla Firefox\plugins    Adware.Zango    Renamed.
RDHooks0.#ll    C:\Programmer\My Manager\PCnetPCHost    Program.RemoteAdmin    Renamed.
MyToolBar.dll    C:\Programmer\ToolBar888    Adware.FastSearch    Renamed.
Dc10.dll    C:\RECYCLER\S-1-5-21-602162358-1085031214-725345543-1003    Trojan.DownLoader.12713    Deleted.
Dc11.exe    C:\RECYCLER\S-1-5-21-602162358-1085031214-725345543-1003    Trojan.Popuper    Deleted.
A0108029.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0108030.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.DownLoader.12713    Deleted.
A0108031.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0108036.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Fakealert    Deleted.
A0108043.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0108044.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.DownLoader.12713    Deleted.
A0108045.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0109043.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0109044.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.DownLoader.12713    Deleted.
A0109045.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Popuper    Deleted.
A0109049.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.DownLoader.12713    Deleted.
A0109061.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP179    Trojan.Fakealert    Deleted.
A0109200.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP182    Adware.Zango    Renamed.
A0110040.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.6550    Deleted.
A0110041.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Adware.Zango    Renamed.
A0110046.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0110047.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.12713    Deleted.
A0110048.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0110055.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0110056.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.12713    Deleted.
A0110057.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0110063.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0110064.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.12713    Deleted.
A0110065.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0111488.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0111489.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.12713    Deleted.
A0111490.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0111494.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0111495.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Fakealert    Deleted.
A0111496.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.Popuper    Deleted.
A0111502.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP183    Trojan.DownLoader.12713    Deleted.
A0112121.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.Virtumod    Deleted.
A0112142.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.Starter.65    Deleted.
A0112146.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.DownLoader.12713    Deleted.
A0112151.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.DownLoader.12713    Deleted.
A0112158.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.Popuper    Deleted.
A0113158.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.DownLoader.12713    Deleted.
A0113159.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.Popuper    Deleted.
A0113160.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.DownLoader.10963    Deleted.
A0113162.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Adware.Zango    Renamed.
A0113163.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Adware.FastSearch    Renamed.
A0113164.dll    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.DownLoader.12713    Deleted.
A0113165.exe    C:\System Volume Information\_restore{C213EF0D-BCAD-45AC-BD97-3484E85E8B67}\RP184    Trojan.Popuper    Deleted.
tuvwuvs.dll.bad    C:\VundoFix Backups    Trojan.Virtumod    Deleted.
Update.exe.bad    C:\VundoFix Backups    Trojan.Starter.65    Deleted.
HotFlix0.#xe    C:\WINDOWS    Dialer.AsianRaw    Renamed.
UERSK_0001_N68M2202NetInstaller.exe    C:\WINDOWS\Downloaded Program Files    Trojan.DownLoader.6550    Deleted.
UERSK_0001_N91M2407NetInstaller.exe    C:\WINDOWS\Downloaded Program Files    Trojan.DownLoader.10963    Deleted.
ismini.exe    C:\WINDOWS\system32    Trojan.Popuper    Deleted.
moo____0.#ll    C:\WINDOWS\system32\rundll32    Tool.Moo    Renamed.
floorfilla - jump india 53.wma    L:\my downloads    Trojan.Isbar.389    Deleted.
_HonkyTonk_ life on mars 2006 44.wma    L:\my downloads    Trojan.Isbar.389    Deleted.
floorfilla - jump india 53.wma    L:\wong\my downloads nyt\my downloads    Trojan.Isbar.389    Deleted.





Logfile of HijackThis v1.99.1
Scan saved at 17:32:44, on 13-09-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\Midlertidig mappe 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e9c56899.exe] C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Application Data\e9c56899.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/206/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158081766343
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grempf1000.dyndns.org:10002/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe

Here you go, fromsej. What should I do now?
neostar (Beginner)
13 September 2006 - 17:49 #18
By the way, it also throws up pop-ups saying that I MUST install something called errorsafe, and it spams constantly, even if you click no.
I would very much like to get that removed as well...
neostar (Beginner)
13 September 2006 - 18:14 #19
And it still says there is a trojan on my computer..
neostar (Beginner)
13 September 2006 - 19:56 #20
.
forevernewbie (Beginner)
13 September 2006 - 20:33 #21
Just run this, and then I assume Fromsej will show up again.

Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Please post the contents of that file here, together with a new hijackthis log.

-------------------------------------------

Download this scanner: http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Install it and update the scanner manually. Note: during installation it suggests that you register with your email. You do not need to do that.


Boot into safe mode (press F8 several times during startup). If you can't, see here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Start SuperAntiSpyware, click "Scan your computer", and tick your drives on the left side of the window. On the right side of the window, select "Perform Complete Scan". Click "Next" and it will start scanning. When it has finished, select what it found and let the scanner remove it.

Restart into normal mode (the scanner may offer to do it).

Open the scanner again and click "Preferences" -> "Statistics/Logs". Select the log and click "View log". Copy the log into this thread, together with a fresh HijackThis log.
neostar (Beginner)
13 September 2006 - 20:48 #22
Martin Nissen - 06-09-13 20:38:28,78
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Martin Nissen\Skrivebord

Microsoft Windows XP [version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\Inetget2
C:\Programmer\ToolBar888
C:\WINDOWS\system32\components
C:\Programmer\F‘lles filer\{B0A2A2E9-095E-1030-0506-03040423002d}
C:\WINDOWS\system32\isnotify.exe


(((((((((((((((((((((((((((((((  Files Created from 2006-08-13 to 2006-09-13  ))))))))))))))))))))))))))))))))))


2006-09-13    18:52    274,432    --a------    C:\WINDOWS\system32\imon.dll
2006-09-12    19:26    331,776    --a------    C:\WINDOWS\system32\winhttp.dll
2006-09-12    19:26    17,408    --a------    C:\WINDOWS\system32\qmgrprxy.dll
2006-08-29    08:57    77,824    --a------    C:\WINDOWS\system32\CNBJMON2.DLL


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 20:41    --------    d--------    C:\Programmer\ewido anti-malware
2006-09-13 20:40    --------    d-a------    C:\Programmer\F‘lles filer
2006-09-13 20:23    --------    d--------    C:\Programmer\ESET
2006-09-13 20:21    --------    d--------    C:\Programmer\Mozilla Firefox
2006-09-13 18:51    502368    --a------    C:\WINDOWS\system32\drivers\amon.sys
2006-09-12 19:18    --------    d--h-----    C:\Programmer\InstallShield Installation Information
2006-09-12 19:13    --------    d--------    C:\Programmer\ACE Mega CoDecS Pack
2006-09-12 18:30    --------    d--------    C:\Documents and Settings\Martin Nissen\Application Data\Lavasoft
2006-09-12 18:27    --------    d--------    C:\Programmer\Lavasoft
2006-09-12 18:17    --------    d--------    C:\Programmer\My Manager
2006-09-12 18:16    --------    d--------    C:\Programmer\Creative
2006-09-12 18:16    --------    d--------    C:\Programmer\bwin
2006-09-12 18:10    --------    d--------    C:\Programmer\PacificPoker
2006-09-12 18:08    --------    d---s----    C:\Documents and Settings\Martin Nissen\Application Data\Microsoft
2006-09-12 18:07    --------    d--------    C:\Programmer\SpyQuake2.com
2006-09-11 19:11    --------    d--------    C:\Programmer\F‘lles filer\Symantec Shared
2006-09-11 19:11    --------    d--------    C:\Documents and Settings\Martin Nissen\Application Data\Symantec
2006-09-10 18:45    --------    d--------    C:\Programmer\MSN Messenger
2006-09-10 17:56    --------    d--------    C:\Programmer\FlashFXP
2006-09-10 17:29    --------    d--------    C:\Documents and Settings\Martin Nissen\Application Data\FlashFXP
2006-09-06 00:32    --------    d--------    C:\Documents and Settings\Martin Nissen\Application Data\Azureus
2006-09-04 21:51    --------    d--------    C:\Programmer\Winamp
2006-07-13 10:51    601600    --a------    C:\WINDOWS\system32\xpsp2res.dll
2006-06-16 14:34    48936    --a------    C:\WINDOWS\system32\sirenacm.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\\Programmer\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"C-Media Mixer"="Mixer.exe /startup"
"TCASUTIEXE"="TCAUDIAG.exe -on"
"SunJavaUpdateSched"="C:\\Programmer\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"PVModule"="C:\\PROGRA~2\\PRINTV~1\\pvmodule.exe"
"e9c56899.exe"="C:\\WINDOWS\\System32\\e9c56899.exe"
"nod32kui"="\"C:\\Programmer\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000000
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/MARTIN~1/LOKALE~1/Temp/msohtml1/01/clip_image001.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/MARTIN~1/LOKALE~1/Temp/msohtml1/01/clip_image001.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,20,03,00,00,23,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,49,03,00,00,59,00,00,00,5f,02,00,00,c7,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,8b,01,00,00,53,00,00,00,5f,02,00,00,c7,01,\
  00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://roflee-gaming.dk/Perforama-LAN/natligTaageNK.JPG"
"SubscribedURL"="http://roflee-gaming.dk/Perforama-LAN/natligTaageNK.JPG"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,9f,01,00,00,1d,00,00,00,aa,00,00,00,a0,00,00,00,ea,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,72,03,00,00,2c,01,00,00,00,05,00,00,c0,03,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,ea,02,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
  e7,77,c8,0f,1b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,01,00,00,00,9a,03,00,00,1d,03,00,00,ec,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,20,03,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,20,03,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^64701837b545818b27e6b754c^Documents and Settings^Programmer^Start^BitTorrent.lnk]
"path"="C:\\64701837b545818b27e6b754c\\Documents and Settings\\Programmer\\Start\\BitTorrent.lnk"
"backup"="C:\\WINDOWS\\pss\\BitTorrent.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\BITTOR~1\\BITTOR~1.EXE "
"item"="BitTorrent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FLLESF~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^LUMIX Simple Viewer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\LUMIX Simple Viewer.lnk"
"backup"="C:\\WINDOWS\\pss\\LUMIX Simple Viewer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PANASO~1\\LUMIXS~1\\PHLEAU~1.EXE "
"item"="LUMIX Simple Viewer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\D-Tools\\daemon.exe\"  -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATALA~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\FLLESF~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\e9c56899.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="e9c56899"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Martin Nissen\\Lokale indstillinger\\Application Data\\e9c56899.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\Messenger Plus! 2\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray"
"hkey"="HKLM"
"command"="MMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray2K]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray2k"
"hkey"="HKLM"
"command"="MMTray2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTrayLSI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTrayLSI"
"hkey"="HKLM"
"command"="MMTrayLSI.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Overnet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eDonkey2000"
"hkey"="HKLM"
"command"="C:\\Programmer\\Overnet\\eDonkey2000.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Programmer\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Programmer\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programmer\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Programmer\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programmer\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="C:\\Programmer\\Logitech\\iTouch\\iTouch.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkqu32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 13-09-2006 20:42:29.31
ComboFix.txt
neostar (Beginner)
13 September 2006 - 20:48 #23
Logfile of HijackThis v1.99.1
Scan saved at 20:48:47, on 13-09-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\Midlertidig mappe 6 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/206/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158081766343
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grempf1000.dyndns.org:10002/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
forevernewbie (Beginner)
13 September 2006 - 21:05 #24
I'll just wait for the log from Superantispyware, and then we'll clean up the rest.
forevernewbie (Beginner)
13 September 2006 - 22:23 #25
Well, I've done it now.

Run a scan with HijackThis so you can see all files. Close all windows, tick these lines, and click Fix checked.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)


-----------------------------------------------

To be able to see all files and folders, do this: http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Then do this:

Click "Start" and choose "Search" ("Søg").
Click the link "Change preferences" ("Skift indstillinger").
Click "Change files and folders search behavior" ("Skift søgefunktioner for filer og mapper").
Select "Advanced" ("Avanceret") and click OK.
Click "All files and folders" ("Alle filer og mapper").
Click "More advanced options" ("Flere avancerede indstillinger").
Tick the top three.



Then shut down the computer and leave it off for about 30 seconds. Then boot into safe mode (press F8 several times during startup). Use the arrow keys to select safe mode and press <Enter>.


Delete these folders:

C:\Programmer\SpyQuake2.com


Remnants of Norton antivirus:

C:\Programmer\Fælles filer\Symantec Shared
C:\Documents and Settings\Martin Nissen\Application Data\Symantec


Remnants of Panda:

C:\Programmer\Panda Software


There are references to these in the registry, and they may already be gone, but do check:

C:\Programmer\WeatherCast
C:\Programmer\Messenger Plus! 3
C:\Programmer\Messenger Plus! 2



Delete this file:

C:\WINDOWS\System32\e9c56899.exe

Post a fresh HijackThis log and the log from SuperAntiSpyware.
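
Six of the seven lines in the fix list of post #25 are entries that HijackThis itself marks `(file missing)` or `(no file)`, and the seventh is the autorun for e9c56899.exe. The Python sketch below is an added example, not part of the thread and not forevernewbie's method; it triages a HijackThis log along those two lines. The 8-hex-digit file name rule is an assumed heuristic, the function and constant names are hypothetical, and a flagged line is a candidate for review rather than a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log in post #23.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [e9c56899.exe] C:\WINDOWS\System32\e9c56899.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkqu32 - winkqu32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
"""

REASON_ORPHAN = "orphaned: HijackThis reports the target file as missing"
REASON_HEX_NAME = "autorun points at an 8-hex-digit .exe name (assumed heuristic)"

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Marker HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
# Body of an O4 registry autorun line: hive, key, [value name], command line.
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable base name in a command line (quoted or not, with or without args).
EXE_RE = re.compile(r'([^\\"\s]+\.exe)\b', re.I)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}\.exe", re.I)


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O23"
    line: str                      # the full log line, unchanged
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return the log entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        reasons = []
        if ORPHAN_RE.search(entry["body"]):
            reasons.append(REASON_ORPHAN)
        if entry["code"] == "O4":
            run = RUN_RE.match(entry["body"])
            exe = EXE_RE.search(run["cmd"]) if run else None
            if exe and HEX_NAME_RE.fullmatch(exe.group(1)):
                reasons.append(REASON_HEX_NAME)
        if reasons:
            findings.append(Finding(entry["code"], line, reasons))
    return findings


def format_report(findings):
    """Render findings as text, one entry per block, for pasting into a ticket."""
    blocks = []
    for f in findings:
        blocks.append(f.line + "\n" + "\n".join("    -> " + r for r in f.reasons))
    return "\n".join(blocks)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Orphaned entries are often harmless leftovers, as with the two Panda services here, so the output narrows the log to lines worth checking by hand before anything is ticked in HijackThis.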
neostar (Beginner)
14 September 2006 - 17:48 #26
SUPERAntiSpyware Scan Log
Generated 09/14/2006 at 00:26 AM

Core Rules Database Version : 3082
Trace Rules Database Version: 1114

Memory threats detected  : 0
Registry threats detected : 31
File threats detected    : 100

Browser Hijacker.BestSafetyGuide
    HKLM\Software\Classes\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
    HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
    HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
    HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}\InprocServer32
    HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}\InprocServer32#ThreadingModel
    C:\WINDOWS\System32\ixt0.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}

Adware.Tracking Cookie
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@adserver[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@track.adform[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@adserver.banneradministration[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@www.etracker[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@cgi-bin[3].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@ad.ofir[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@ads.beamfile[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@amaena[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@ads.realtechnetwork[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@bannere.fyens[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@dk.winantivirus[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@45aTq2V13X[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@cgi-bin[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@edge.ru4[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@ad[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@statcounter[1].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@rotator.adjuggler[2].txt
    C:\Documents and Settings\Martin Nissen\Cookies\martin nissen@questionmarket[2].txt

Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-18\Software\New.net

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
    HKLM\SOFTWARE\Microsoft\MSSMGR#LID
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
    C:\VundoFix Backups\services.dll.bad
    C:\WINDOWS\system32\ot.ico
    C:\WINDOWS\system32\ts.ico

Adware.Avenue Media/Internet Optimizer
    HKU\S-1-5-21-602162358-1085031214-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
    C:\Documents and Settings\Martin Nissen\Foretrukne\Antivirus Test Online.url

Trojan.Malware
    HKCR\MezziaCodec.Chl
    HKCR\MezziaCodec.Chl\CLSID

Malware.SpywareQuake
    C:\Programmer\SpyQuake2.com\Spy-Quake2.exe
    C:\Programmer\SpyQuake2.com\sq.ini
    C:\Programmer\SpyQuake2.com

Adware.IST/ISTBar (Slotch Bar)
    HKU\S-1-5-21-602162358-1085031214-725345543-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.ErrorSafe
    HKCR\ESSPChck.ESSPChck
    HKCR\ESSPChck.ESSPChck\CLSID
    HKCR\ESSPChck.ESSPChck\CurVer
    HKCR\ESSPChck.ESSPChck.1
    HKCR\ESSPChck.ESSPChck.1\CLSID

BearShare File Sharing Client
    C:\Programmer\Bearshare\BearShare.exe
    C:\Documents and Settings\All Users\Menuen Start\Programmer\BearShare.lnk
    C:\Documents and Settings\Martin Nissen\Skrivebord\BearShare.lnk
    C:\WINDOWS\Prefetch\BEARSHARE.EXE-1F7FB804.pf

Adware.Vundo Variant
    C:\VundoFix Backups\geedb.dll.bad

forevernewbie Beginner
14 September 2006 - 18:28 #27
SAS cleaned out a lot, so it's starting to look reasonable. Post a fresh HijackThis log, and report back on how it's running now.

neostar Beginner
14 September 2006 - 19:05 #28
Logfile of HijackThis v1.99.1
Scan saved at 19:03:58, on 14-09-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin Nissen\Lokale indstillinger\Temp\Midlertidig mappe 8 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scootergalleri.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/206/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158081766343
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grempf1000.dyndns.org:10002/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe

It runs better now, and it opens programs/the internet faster now.
And it hasn't shown that trojan popup in the corner yet.

forevernewbie Beginner
14 September 2006 - 21:34 #29
The three services are a bit stubborn. Do this:

Go to Start -> Run -> type cmd and click OK.

In the cmd window, type: sc delete pavfires and press <enter>

Then type: sc delete pavsrv and press <enter>

Then type: sc delete sndmgr and press <enter>

I forgot this one in HijackThis, so fix this line:

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

If the three services and that line are gone after a restart, everything should be fine, and you don't need to post any more logs.
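
Added example, not part of the post above or of HijackThis itself: a small parser that finds the O23 service entries whose registered binary is marked "(file missing)" and returns the short service name that `sc` expects. The sample lines are copied from the log in post #28; the helper names are hypothetical, and the parser assumes HijackThis prints the short name in parentheses only when it differs from the display name.

```python
import re
from typing import NamedTuple

class Service(NamedTuple):
    name: str           # short service name (the argument sc takes)
    display: str        # display name as shown in the log
    owner: str          # vendor string, or "Unknown owner"
    path: str           # registered binary path, marker stripped
    file_missing: bool  # HijackThis could not find the binary on disk

# Lines copied from the HijackThis log in post #28 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: HF30Service - Unknown owner - C:\Programmer\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Sound Loader (SndMgr) - Unknown owner - C:\WINDOWS\System32\sndloader.exe" -service (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"
SHORT_NAME = re.compile(r"^(?P<display>.+) \((?P<name>[^()]+)\)$")

def parse_o23(line):
    """Parse one O23 line into a Service, or return None for other lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" - ", 2)  # label, owner, path
    if len(parts) != 3:
        return None
    label, owner, path = (p.strip() for p in parts)
    m = SHORT_NAME.match(label)
    display, name = (m["display"], m["name"]) if m else (label, label)
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].rstrip()
    return Service(name, display, owner, path, missing)

def orphaned_services(log):
    """Return the services whose registered binary is no longer on disk."""
    services = filter(None, map(parse_o23, log.splitlines()))
    return [s for s in services if s.file_missing]

if __name__ == "__main__":
    for s in orphaned_services(SAMPLE_LOG):
        print(f"{s.name}: registered binary not on disk -> {s.path}")
```
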

neostar Beginner
15 January 2007 - 23:13 #30
Why don't people post it as an answer? :S