supastar (Beginner)
11 October 2006 - 10:27. There are 9 comments and 1 solution.

Fake spyware/virus warning (HijackThis log)

Hi. I have a small challenge removing spyware/virus warnings that pop up in the systray. Hope someone can help? :)

Logfile of HijackThis v1.99.0
Scan saved at 10:23:43, on 11-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\MMediaCodec\pmmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Winamp\winamp.exe
C:\Programmer\MMediaCodec\pmsngr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonas Allentoft\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
nva (Intern)
11 October 2006 - 10:58 #1
Run through this guide: http://www.eksperten.dk/artikler/954
11 October 2006 - 12:00 #2
contrabandists??? Do you know what that is?
supastar (Beginner)
11 October 2006 - 12:38 #3
No - I'm not super sharp at this.
supastar (Beginner)
11 October 2006 - 22:19 #4
Here goes, per the guide in article 954 :) Hope someone can help me see whether I am now "clean".

SUPERAntiSpyware Scan Log
Generated 10/11/2006 at 10:09 PM

Core Rules Database Version : 3102
Trace Rules Database Version: 1128

Memory threats detected  : 1
Registry threats detected : 115
File threats detected    : 137

Trojan.SpyFalcon
    C:\WINDOWS\SYSTEM32\DPFWU.DLL
    C:\WINDOWS\SYSTEM32\DPFWU.DLL

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
    HKCR\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
    HKCR\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32
    HKCR\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{dfa61db1-388e-4c87-8d56-540fa229bcb4}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#contrabandists
    HKCR\CLSID\{DFA61DB1-388E-4C87-8D56-540FA229BCB4}

Adware.Tracking Cookie

Spyware.WebSearch (WinTools/Huntbar)
    C:\Documents and Settings\All Users\Menuen Start\Programmer\Web Search Tools\Frequently Asked Questions.url
    C:\Documents and Settings\All Users\Menuen Start\Programmer\Web Search Tools\Home.url
    C:\Documents and Settings\All Users\Menuen Start\Programmer\Web Search Tools\Privacy Policy.url
    C:\Documents and Settings\All Users\Menuen Start\Programmer\Web Search Tools\Terms of Use.url
    C:\Documents and Settings\All Users\Menuen Start\Programmer\Web Search Tools

Adware.IST/YourSiteBar
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [  ]
    C:\WINDOWS\Downloaded Program Files\ysbactivex.inf

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
    C:\Documents and Settings\Jonas Allentoft\Foretrukne\Antivirus Test Online.url
    C:\Documents and Settings\All Users\Skrivebord\Security Troubleshooting.url
    C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url

Adware.MyWay
    C:\Programmer\MyWay\myBar\1.bin
    C:\Programmer\MyWay\myBar
    C:\Programmer\MyWay

Adware.IST/ISTBar (Slotch Bar)
    HKU\S-1-5-21-875230803-3064180716-4214260719-1005\Software\Microsoft\Internet Explorer\Main#BandRest

Trojan.Media-Codec
    HKU\S-1-5-21-875230803-3064180716-4214260719-1005\Software\Internet Security
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
    C:\Programmer\MMediaCodec\pmuninst.exe

Malware.VirusBurst
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Programmer\MMediaCodec\pmsngr.exe ]
    C:\Programmer\VirusBurster\VirusBurster.exe
    C:\Programmer\VirusBurster
    C:\WINDOWS\Prefetch\VIRUSBURSTER.EXE-32433CED.pf

n-CASE (SongSpy)
    C:\Program Files\N-case\msbb.exe

Unclassified.Unknown Origin/System
    C:\WINDOWS\system32\appln32.exe
    C:\WINDOWS\system32\mfcda32.exe

----

Process.#xe    C:\Documents and Settings\Jonas Allentoft\Skrivebord\smitRem    Tool.Prockill    Renamed.
A0015392.dll    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123    Trojan.Popuper    Deleted.
A0015394.exe    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123    Trojan.Popuper    Deleted.
A0015402.exe\data001    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123\A0015402.exe    Trojan.Popuper   
A0015402.exe\data002    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123\A0015402.exe    Trojan.Popuper   
A0015402.exe    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123    Archive contains infected objects    Moved.
A0015409.dll    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP123    Trojan.Popuper    Deleted.
A0015478.exe    C:\System Volume Information\_restore{61D70FAF-E389-4F44-84EF-081C9BD9CEA7}\RP124    Trojan.Popuper    Deleted.

----

Logfile of HijackThis v1.99.0
Scan saved at 22:18:26, on 11-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonas Allentoft\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
nva (Intern)
12 October 2006 - 07:55 #5
Your log looks clean to me. Are you still having problems?
nva (Intern)
12 October 2006 - 07:56 #6
But I just noticed that you used an old version of HiJackThis - you should download a new version and make a new log, just to be on the safe side.
supastar (Beginner)
12 October 2006 - 08:20 #7
Here it is with the newest HiJackThis :)

Thanks for the help....

Logfile of HijackThis v1.99.1
Scan saved at 08:19:10, on 12-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonas Allentoft\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
nva (Intern)
12 October 2006 - 08:40 #8
It's OK
supastar (Beginner)
12 October 2006 - 08:42 #9
perfect - thanks :)
12 October 2006 - 09:23 #10
Yesss - this "contrabandists" got thrown out too... Good...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...