martin03 Beginner
15 October 2006 - 18:47 There are 45 comments and 2 solutions

Would anyone check my logs?

Hey, I don't know much about computers, so I've had a bit of help in here, but I hope you can help once again :D

I have run 3 scanners: Dr. Web, SAS and Ewido

Here is my log from Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            10:06:36 PM, 10/12/2006
+ Report-Checksum:        3F962B8D

+ Scan result:

    HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MultiMPPDll.MultiMPPDllObj -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\MultiMPPDll.MultiMPPDllObj\CLSID -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\MultiMPPDll.MultiMPPDllObj\CLSID\\ -> Spyware.MultiMPP : Cleaned with backup
    HKLM\SOFTWARE\Classes\MultiMPPDll.MultiMPPDllObj\CurVer -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{262277EC-5BB5-4849-8BF2-1824330C9CAC} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> Spyware.CometCursor : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{262277EC-5BB5-4849-8BF2-1824330C9CAC} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60261C06-81B0-4DE0-9313-E5BA203A64E9} -> Spyware.NauPointBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
    C:\Documents and Settings\Maja\Cookies\maja@66.220.17[2].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.288:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.290:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.307:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.356:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.357:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.386:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.389:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.390:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Lop : Cleaned with backup
    :mozilla.438:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.442:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    :mozilla.457:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.458:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.496:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.548:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.553:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
    :mozilla.567:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.587:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.588:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.606:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
    :mozilla.626:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.627:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.630:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.631:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.632:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.660:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.665:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
    :mozilla.699:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.703:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.704:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@66.220.17[1].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adbrite[2].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@gde.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@images.lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Martin Jensen\Lokale indstillinger\Temp\Cookies\martin jensen@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
    C:\WINDOWS\svcproc.#xe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
    C:\WINDOWS\Temp\trz18.#mp -> Spyware.MegaSearch : Cleaned with backup


::Report End

Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:46:43 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Martin Jensen\Lokale indstillinger\Temp\wzc6bf\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrsseidwbdtmgyu.net/DGZMzyl5kY0FL9xWTXGRNSnfIj5x216OWOdO62waYrvOyPGEn1GpkxFyT9bDJaK/.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [RemoteBitsMathStupid] C:\Documents and Settings\All Users\Application Data\ping first remote bits\does drv.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [mealmediaidolcorn] C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia\Fast Grim.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sfflogv] C:\WINDOWS\system32\monysz.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\Martin Jensen\Dokumenter\Videoer\Ny mappe\Ny mappe\Add_Url.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.mmradio.org/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?eef534db749fbb8f6134e9a3fb4743fe6526e0638ba0e86b1c4e89c6932f1981f69b64d352c0237d0ef8f029a838b3302c7c7803d8df7a8b8ae4bbbe4385e18a6f:7dffda6bf28b9ed258b3e6671c0f0c1f
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

I really hope you can help?

Thanks in advance!
levich Beginner
15 October 2006 - 21:10 #1
One moment, I'll take a look at it.
levich Beginner
15 October 2006 - 21:23 #2
It looks bad. We will get your computer cleaned, but it is going to take some time and effort on your part.


(1)
Download http://downloads.stevengould.org/cleanup/CleanUp40.exe
Read the guide to Cleanup here: http://www.bleepingcomputer.com/forums/tutorial93.html

Download http://www.spywarefri.dk/downloads1/ewido-setup.exe (Ewido).
Install the program and update it, but hold off on scanning.

Download and unpack Killbox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Download http://www.cexx.org/LSPFix.exe.
If you later cannot get on the internet, run lspfix.exe, tick "I know what I am doing" and click finish.

I recommend that you uninstall Spyware Begone, as it is a program that is suspected of doing more harm than good.

(2)
Scan with Ewido, fix the things it finds and save the log, e.g. on the desktop.

(3)
Fix the following lines with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrsseidwbdtmgyu.net/DGZMzyl5kY0FL9xWTXGRNSnfIj5x216OWOdO62waYrvOyPGEn1GpkxFyT9bDJaK/.html
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [RemoteBitsMathStupid] C:\Documents and Settings\All Users\Application Data\ping first remote bits\does drv.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [mealmediaidolcorn] C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia\Fast Grim.exe
O4 - HKLM\..\Run: [sfflogv] C:\WINDOWS\system32\monysz.exe r
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.mmradio.org/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?eef534db749fbb8f6134e9a3fb4743fe6526e0638ba0e86b1c4e89c6932f1981f69b64d352c0237d0ef8f029a838b3302c7c7803d8df7a8b8ae4bbbe4385e18a6f:7dffda6bf28b9ed258b3e6671c0f0c1f
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

(4)
Start KillBox, select "Delete on reboot", copy the file name(s) below into the text field in Killbox and then click the red button with the white cross. Repeat this for all the files, but only say yes to restarting when you get to the last file. You must restart in safe mode.

C:\WINDOWS\svcproc.exe

(5)
Open "My Computer"; in the menu, click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following file(s):
C:\Documents and Settings\All Users\Application Data\ping first remote bits\does drv.exe
C:\WINDOWS\iexplore.exe
C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia\Fast Grim.exe
C:\WINDOWS\system32\monysz.exe
C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
C:\WINDOWS\svcproc.exe

Note that some of them may already have been deleted by Ewido.

(6)
Run Cleanup. Go to Options and tick cookies, prefetch, temp and all users. Press "cleanup".

(7)
Restart the computer normally. Make a new log with HijackThis and post it here together with the log from Ewido that you saved earlier.
martin03 Beginner
15 October 2006 - 22:25 #3
Many thanks, yes, that certainly takes quite a bit :D but I'll give it a try :P

I can't remember installing Spyware Begone?? Where do I find it?

And step 2, how do I "fix" those lines with HijackThis?
martin03 Beginner
15 October 2006 - 22:36 #4
One more question, how do you restart in safe mode? :S
levich Beginner
15 October 2006 - 22:57 #5
Begone:
Start -> Control Panel -> Add/Remove Programs

Fix with HijackThis:
First you scan, then you can tick the lines you want to fix, and finally you press the "Fix checked" button.

Safe mode:
http://www.kimludvigsen.dk/tips-windows-fejlsikret.html
Avatar billede fromsej Praktikant
16. oktober 2006 - 09:18 #6
Levich >> Det er bl.a. min gamle "ven" Lop der er på spil, der kører med 99% sikkerhed et job, der holder infektionen i live.
Nolop vil vise det, så jeg tillader mig lige at ligge den ind.*S*

Hent NoLop exe til skrivebordet:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Run it and press the - Search and Destroy - button. It will then scan for Lop infections and scheduled Lop jobs. If it finds anything, you will be asked to press the Reboot button; do so.

After the restart there will be a file: C:\NoLop txt
Copy its contents in here together with a new HijackThis log.

levich (Beginner)
16 October 2006 - 11:52 #7
fromsej -> what indicates Lop?

fromsej (Trainee)
16 October 2006 - 12:26 #8
This is the first indicator: pure NONSENSE in an R1 line.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrsseidwbdtmgyu.net/DGZMzyl5kY0FL9xWTXGRNSnfIj5x216OWOdO62waYrvOyPGEn1GpkxFyT9bDJaK/.html

It sits in Application Data, in a folder name of 4 words (can vary); every word has a meaning, but together they make absolutely none.
O4 - HKLM\..\Run: [RemoteBitsMathStupid] C:\Documents and Settings\All Users\Application Data\ping first remote bits\does drv.exe

Much the same here: the folder name is a single word, but it can easily be split into four words that each mean something on their own.
O4 - HKLM\..\Run: [mealmediaidolcorn] C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia\Fast Grim.exe
Lies - Once - Meal - Media

There are probably not many who have studied Lop as thoroughly as I have; some of it, I think, is pure instinct. Had I been a woman, it would presumably have been called intuition.

But it's a really nasty infection to kill; it's not even certain that NoLop will do the trick. With this command, though, you get all running jobs displayed, including the hidden ones; /query takes care of that.

Click Start -> Run, type CMD and click OK.
In the "DOS" window, type the following:
schtasks /query>C:\tasks.txt
It takes a split second; then just close the window again.
Find the file C:\tasks.txt, double-click it and copy its contents in here.

Typical Lop jobs look like this:
A65E6C799109E7B9.job (A65E6C799109E7B9)
AC9C840491873670.job
Both digits and letters vary a lot, though I don't think I have seen a starting letter higher than B; I'm not 100% sure of this, however.
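
The three indicators described in the post above (a nonsense host in an R1 search URL, a Run entry pointing into a multi-word Application Data folder, and job names of 16 hex characters), written as a triage pass over log lines. This is an added example, not part of the original thread and not code from NoLop or HijackThis; the function names, tags and thresholds are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis logs and job names quoted in this thread.
SAMPLE = [
    r'R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrsseidwbdtmgyu.net/DGZMzyl5kY0FL9xWTXGRNSnfIj5x216OWOdO62waYrvOyPGEn1GpkxFyT9bDJaK/.html',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/',
    r'O4 - HKLM\..\Run: [RemoteBitsMathStupid] C:\Documents and Settings\All Users\Application Data\ping first remote bits\does drv.exe',
    r'O4 - HKLM\..\Run: [mealmediaidolcorn] C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia\Fast Grim.exe',
    r'O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe',
    r'O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe',
    r'O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033',
    'A65E6C799109E7B9.job (A65E6C799109E7B9)',
    'AC9C840491873670.job',
]

O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$')
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.I)
# An executable sitting directly in a folder directly under Application Data
# (long name or its 8.3 short form APPLIC~1).
APPDATA_RE = re.compile(r'\\(?:Application Data|APPLIC~1)\\([^\\]+)\\([^\\]+)\.exe$', re.I)
JOB_RE = re.compile(r'^[0-9A-F]{16}(\.job)?$', re.I)


def words(name):
    """Split a name into alphabetic words on spaces and CamelCase boundaries."""
    return re.findall(r'[A-Z]?[a-z]+|[A-Z]+(?![a-z])', name)


def nonsense_host(line):
    """R0/R1 value whose host has a long label with a long consonant run.
    Assumed thresholds: label length >= 10 and a run of >= 5 consonants."""
    if not line.startswith(('R0 - ', 'R1 - ')) or ' = ' not in line:
        return False
    host = urlparse(line.split(' = ', 1)[1].strip()).hostname or ''
    labels = [l for l in host.split('.')[:-1] if l != 'www']
    longest = max(labels, key=len, default='')
    run = max((len(r) for r in re.findall(r'[^aeiou\W\d_]+', longest)), default=0)
    return len(longest) >= 10 and run >= 5


def o4_indicator(line):
    """Tag a Run entry whose multi-word exe lives in a multi-word AppData folder."""
    m = O4_RE.match(line)
    exe = EXE_RE.match(m.group(2)) if m else None
    loc = APPDATA_RE.search(exe.group(1)) if exe else None
    if not loc:
        return None
    folder, stem = loc.groups()
    if len(words(stem)) < 2:
        return None
    if '~' in folder:
        # 8.3 short name hides the real folder name; resolve the long name first.
        return 'appdata-short-name'
    return 'appdata-word-salad' if len(words(folder)) >= 3 else None


def lop_style_job(entry):
    """Job name made of exactly 16 hex characters, as in the examples above."""
    parts = entry.split()
    return bool(parts) and bool(JOB_RE.match(parts[0]))


def triage(lines):
    """Return (tag, line) pairs for lines matching one of the three indicators.
    A hit is a reason to look closer, not proof of infection."""
    hits = []
    for line in (l.strip() for l in lines):
        if nonsense_host(line):
            hits.append(('nonsense-search-url', line))
        elif (tag := o4_indicator(line)):
            hits.append((tag, line))
        elif lop_style_job(line):
            hits.append(('hex16-job-name', line))
    return hits


if __name__ == '__main__':
    for tag, line in triage(SAMPLE):
        print(f'{tag:22} {line[:90]}')
```
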

levich (Beginner)
16 October 2006 - 13:13 #9
fromsej -> And the Lop infection has to be removed before one starts removing any of the other infections?

fromsej (Trainee)
16 October 2006 - 13:20 #10
No, that doesn't matter much.

martin03 (Beginner)
16 October 2006 - 19:18 #11
Here is the log from Ewido:

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            5:49:07 AM, 10/16/2006
+ Rapport-Checksum:        9B7D96D

+ Scanningsresultat:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Renset med backup
    HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Renset med backup
    HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Renset med backup
    HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Renset med backup
    HKU\S-1-5-21-1708537768-152049171-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Renset med backup
    :mozilla.107:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.542:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.550:C:\Documents and Settings\Martin Jensen\Application Data\Mozilla\Firefox\Profiles\dg44lm2q.default\cookies.txt -> TrackingCookie.Enhance : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adbrite[1].txt -> TrackingCookie.Adbrite : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@advertising[1].txt -> TrackingCookie.Advertising : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@atdmt[2].txt -> TrackingCookie.Atdmt : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@com[1].txt -> TrackingCookie.Com : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@qksrv[2].txt -> TrackingCookie.Qksrv : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@targad[1].txt -> TrackingCookie.Targad : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Renset med backup
    C:\Documents and Settings\Martin Jensen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\IFFVP5WP\popup[1].htm -> Hijacker.Agent.a : Renset med backup
    C:\Documents and Settings\Martin Jensen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\NWKTB6PI\popup[1].htm -> Hijacker.Agent.a : Renset med backup
    C:\WINDOWS\bjtca52c.#xe -> Adware.Sahat : Renset med backup
    C:\WINDOWS\vykdos.#xe -> Adware.BetterInternet : Renset med backup


::Rapport slut


Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:55 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Martin Jensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sfflogv] C:\WINDOWS\system32\monysz.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\Martin Jensen\Dokumenter\Videoer\Ny mappe\Ny mappe\Add_Url.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe


Here is the log from NoLop:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Martin Jensen\Skrivebord
[10/16/2006]
[7:00:53 PM]

---Infection Files Found/Removed---
C:\Documents and Settings\Martin Jensen\DoctorWeb\Quarantine\title info.bk!

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Liesoncemealmedia
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nfs Underground
C:\Documents and Settings\All Users\Application Data\Ping First Remote Bits
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Messenger_5.0.0482
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Gæst\Application Data\Identities
C:\Documents and Settings\Gæst\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maja\Application Data\Apple Computer
C:\Documents and Settings\Maja\Application Data\Beep 32 Move  -- EMPTY Directory
C:\Documents and Settings\Maja\Application Data\Identities
C:\Documents and Settings\Maja\Application Data\Macromedia
C:\Documents and Settings\Maja\Application Data\Microsoft
C:\Documents and Settings\Maja\Application Data\Msn6  -- EMPTY Directory
C:\Documents and Settings\Maja\Application Data\Pc Suite
C:\Documents and Settings\Martin Jensen\Application Data\Adobe
C:\Documents and Settings\Martin Jensen\Application Data\Adobeaum
C:\Documents and Settings\Martin Jensen\Application Data\Adobeum  -- EMPTY Directory
C:\Documents and Settings\Martin Jensen\Application Data\Ahead
C:\Documents and Settings\Martin Jensen\Application Data\Apple Computer
C:\Documents and Settings\Martin Jensen\Application Data\Arcsoft
C:\Documents and Settings\Martin Jensen\Application Data\Beep 32 Move
C:\Documents and Settings\Martin Jensen\Application Data\Cyberlink
C:\Documents and Settings\Martin Jensen\Application Data\Datalayer
C:\Documents and Settings\Martin Jensen\Application Data\Dvdcss
C:\Documents and Settings\Martin Jensen\Application Data\Help  -- EMPTY Directory
C:\Documents and Settings\Martin Jensen\Application Data\Hp
C:\Documents and Settings\Martin Jensen\Application Data\Identities
C:\Documents and Settings\Martin Jensen\Application Data\Intertrust
C:\Documents and Settings\Martin Jensen\Application Data\Lavasoft
C:\Documents and Settings\Martin Jensen\Application Data\Leadertech
C:\Documents and Settings\Martin Jensen\Application Data\Macromedia
C:\Documents and Settings\Martin Jensen\Application Data\Microsoft
C:\Documents and Settings\Martin Jensen\Application Data\Microsoft Web Folders  -- EMPTY Directory
C:\Documents and Settings\Martin Jensen\Application Data\Mozilla
C:\Documents and Settings\Martin Jensen\Application Data\Msn6
C:\Documents and Settings\Martin Jensen\Application Data\Netpumper
C:\Documents and Settings\Martin Jensen\Application Data\Nokia
C:\Documents and Settings\Martin Jensen\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Martin Jensen\Application Data\Openoffice.org2
C:\Documents and Settings\Martin Jensen\Application Data\Pc Suite
C:\Documents and Settings\Martin Jensen\Application Data\Rapidget
C:\Documents and Settings\Martin Jensen\Application Data\Roxio
C:\Documents and Settings\Martin Jensen\Application Data\Smartftp
C:\Documents and Settings\Martin Jensen\Application Data\Stopzilla!
C:\Documents and Settings\Martin Jensen\Application Data\Superantispyware.com
C:\Documents and Settings\Martin Jensen\Application Data\Vlc
C:\Documents and Settings\Martin Jensen\Application Data\Windowbib  -- EMPTY Directory
C:\Documents and Settings\Mbj\Application Data\Windowbib  -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft


Hope that helped :D

levich (Beginner)
16 October 2006 - 21:00 #12
Yes, that helped. Now only two things are missing.
Remember that you must not restart between the steps.

(1)
Restart the computer in safe mode (press F8 when Windows starts up), and fix the following lines with HijackThis:
O4 - HKLM\..\Run: [sfflogv] C:\WINDOWS\system32\monysz.exe r
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan

(2)
Scan with Ewido, fix the things it finds and save the log, e.g. on the desktop.

(3)
Open "My Computer"; in the menu, click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following file(s):
C:\WINDOWS\system32\monysz.exe r
... and the following folder(s):
C:\freescan\

(4)
Start -> Run -> type "cleanmgr" -> Delete Temporary Internet Files, Recycle Bin and temporary files. Repeat for all your drives.

(5)
Restart the computer normally. Make a new log with HijackThis and post it here together with the Ewido log.

martin03 (Beginner)
16 October 2006 - 21:09 #13
Okay, great :D I'll just get the last bit fixed then ;P

Do you have any good suggestions for protecting my computer?

levich (Beginner)
17 October 2006 - 00:52 #14
Remember to update Windows via Windows Update. You already have SP2 and an anti-virus program. You seem to be missing a firewall (e.g. ZoneAlarm) http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp.

Install the anti-spyware program Spybot Search and Destroy http://www.safer-networking.org/dk/index.html and scan with it regularly.

martin03 (Beginner)
17 October 2006 - 17:42 #15
Windows updates itself regularly.

I have the Avast antivirus program.

I use Ad-Aware SE regularly; isn't that fine?

levich (Beginner)
17 October 2006 - 18:33 #16
Ad-Aware is slightly worse than Spybot. Then you only lack a firewall - the one built into Windows is not good enough.

martin03 (Beginner)
19 October 2006 - 21:04 #17
After I installed ZoneAlarm my internet has become so poor! It is 20 times slower than before?

A lot of things have disappeared; I had to fight a war just to find my wireless network again :S

I hope you can help, because I really think that program is too poor, so I have turned it off.

levich (Beginner)
19 October 2006 - 21:10 #18
I have never heard of that before. But you should still have a firewall. Try searching for another firewall that is likewise free.

martin03 (Beginner)
19 October 2006 - 21:16 #19
Okay.. hmm, can you recommend a firewall?

I can't find this?
C:\WINDOWS\system32\monysz.exe r
C:\freescan\

levich (Beginner)
19 October 2006 - 21:36 #20
If you can't find those two things, it suggests they have already been deleted, perhaps by Ewido.

The only free firewall I know is ZoneAlarm. But try searching Google for "freeware firewall". Plenty of results should turn up.

martin03 (Beginner)
19 October 2006 - 22:36 #21
Okay..

I have disabled all the other functions in ZoneAlarm apart from the firewall, and now it works :D Is that okay, or?

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:34 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\Virus-spyware osv\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\Martin Jensen\Dokumenter\Videoer\Ny mappe\Ny mappe\Add_Url.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Here is the new Ewido log:

martin03 (Beginner)
19 October 2006 - 22:37 #22
Ewido

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            10:19:51 PM, 10/19/2006
+ Rapport-Checksum:        18BE2D78

+ Scanningsresultat:
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@ad.adocean[1].txt -> TrackingCookie.Adocean : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adbrite[2].txt -> TrackingCookie.Adbrite : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@gde.adocean[2].txt -> TrackingCookie.Adocean : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Renset med backup
    C:\Documents and Settings\Martin Jensen\Cookies\martin jensen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Renset med backup


::Rapport slut

martin03 (Beginner)
19 October 2006 - 22:40 #23
Fromsej:

Here is what you wanted to see; I had just completely forgotten it. I hope you are still here and will help :D Sorry.


Opgavenavn                           Næste kørsel             Status
==================================== ======================== ===============
{2C24BEE6-01AC-41CD-B45B-2DA1948CBE4 09:00:00, 10/20/2006                   
{591B6509-75A8-4B13-82D9-826B07C1F74 16:00:00, 10/20/2006                   
{F7242277-BF0C-43F2-A3B4-17E647FD2BE 16:00:00, 10/20/2006

levich (Beginner)
19 October 2006 - 23:02 #24
According to the latest HijackThis log,
C:\WINDOWS\system32\monysz.exe r
C:\freescan\
are gone, and Ewido found nothing relevant.

fromsej (Trainee)
19 October 2006 - 23:12 #25
Hmm, there is still Lop in the log, so we'll have to try the old-fashioned Eskimo way.

Download fl.zip, unpack it and run fl.bat - the program creates a small text file, which you should also copy in here:
http://www.ctrlaltdel.dk/Programmer/fl.zip

Get Schtasks here:
http://fromsej.dk/download/schtasks.exe
It must be placed in C:\windows\system32\
If you are asked whether it should be overwritten, cancel the download; you already have the file.

Click Start -> Run, type CMD and click OK.
In the "DOS" window, type the following:
schtasks /query>C:\tasks.txt
It takes a split second; then just close the window again.
Find the file C:\tasks.txt, double-click it and copy its contents in here.

martin03 (Beginner)
19 October 2006 - 23:32 #26
No. 1

Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\All Users\Application Data

06/22/2006  11:13 PM    <DIR>          Adobe
07/17/2004  03:12 PM    <DIR>          Ahead
12/20/2005  01:21 PM    <DIR>          Apple Computer
02/02/2004  11:07 PM    <DIR>          CyberLink
08/26/2004  07:07 PM              244 G-Force Prefs (MediaMonkey).txt
10/19/2006  11:11 PM            1,889 hpzinstall.log
02/09/2005  08:36 PM    <DIR>          InstallShield
10/02/2006  06:18 PM    <DIR>          LiesOnceMealMedia
04/07/2004  10:37 PM    <DIR>          MSN6
02/14/2004  05:32 PM    <DIR>          NFS Underground
10/02/2006  06:19 PM    <DIR>          ping first remote bits
12/20/2005  01:35 PM            1,755 QTSBandwidthCache
10/19/2006  08:49 PM    <DIR>          Spybot - Search & Destroy
12/14/2005  12:38 AM    <DIR>          Windows Genuine Advantage
10/16/2004  05:40 PM    <DIR>          Windows Messenger_5.0.0482
              3 fil(er)            3,888 byte
              12 mappe(r)  17,745,264,640 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\Default User\Application Data

02/02/2004  09:35 PM    <DIR>          .
02/02/2004  09:35 PM    <DIR>          ..
              0 fil(er)                0 byte
              2 mappe(r)  17,745,199,104 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\Gæst\Application Data

02/10/2004  10:15 PM    <DIR>          Identities
              0 fil(er)                0 byte
              1 mappe(r)  17,745,199,104 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\Maja\Application Data

04/12/2006  05:09 PM    <DIR>          .
04/12/2006  05:09 PM    <DIR>          ..
03/29/2006  04:12 PM    <DIR>          Apple Computer
10/02/2006  06:20 PM    <DIR>          Beep 32 Move
01/15/2006  12:00 AM    <DIR>          Identities
01/15/2006  11:51 AM    <DIR>          Macromedia
02/11/2006  05:56 PM    <DIR>          MSN6
04/08/2006  10:29 AM    <DIR>          PC Suite
              0 fil(er)                0 byte
              8 mappe(r)  17,745,199,104 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\MBJ\Application Data

01/28/2006  08:04 PM    <DIR>          .
01/28/2006  08:04 PM    <DIR>          ..
10/02/2006  08:15 PM    <DIR>          Windowbib
              0 fil(er)                0 byte
              3 mappe(r)  17,745,199,104 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\Martin Jensen\Application Data

10/15/2006  11:14 PM    <DIR>          .
10/15/2006  11:14 PM    <DIR>          ..
02/02/2004  09:35 PM                62 desktop.ini
02/03/2004  07:06 PM    <DIR>          Help
02/02/2004  10:16 PM    <DIR>          Identities
08/21/2004  01:20 PM    <DIR>          Macromedia
02/02/2004  10:32 PM    <DIR>          Microsoft Web Folders
              1 fil(er)              62 byte
              6 mappe(r)  17,745,129,472 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9C58-9E74

Indhold af C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job '{2C24BEE6-01AC-41CD-B45B-2DA1948CBE4F}_BJ-JKT10HGTSQT2_
        Martin Jensen.job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\WINDOWS\system32\mobsync.exe'
  Parameters:        ' /Schedule="{2C24BEE6-01AC-41CD-B45B-2DA1948CBE4F}_BJ-JKT10HGTSQT2_Martin Jensen"'
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'SyncMgrInternalCreatorName'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      08/10/2006  9:00:00
  NextRun:            10/20/2006  9:00:00
  StartError:        S_OK
  ExitCode:          0
  Status:            SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 0
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Weekly
    WeeksInterval:  1
    DaysOfTheWeek:  .MTWRF.
    StartDate:      01/01/1970
    EndDate:        00/00/0000
    StartTime:      09:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job '{591B6509-75A8-4B13-82D9-826B07C1F747}_BJ-JKT10HGTSQT2_
        Martin Jensen.job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\WINDOWS\system32\mobsync.exe'
  Parameters:        ' /Schedule="{591B6509-75A8-4B13-82D9-826B07C1F747}_BJ-JKT10HGTSQT2_Martin Jensen"'
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'SyncMgrInternalCreatorName'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      10/13/2006 16:00:00
  NextRun:            10/20/2006 16:00:00
  StartError:        S_OK
  ExitCode:          0
  Status:            SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 0
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Weekly
    WeeksInterval:  1
    DaysOfTheWeek:  .....F.
    StartDate:      01/01/1970
    EndDate:        00/00/0000
    StartTime:      16:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job '{F7242277-BF0C-43F2-A3B4-17E647FD2BE8}_BJ-JKT10HGTSQT2_
        Martin Jensen.job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\WINDOWS\system32\mobsync.exe'
  Parameters:        ' /Schedule="{F7242277-BF0C-43F2-A3B4-17E647FD2BE8}_BJ-JKT10HGTSQT2_Martin Jensen"'
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'SyncMgrInternalCreatorName'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      10/18/2006 16:00:00
  NextRun:            10/20/2006 16:00:00
  StartError:        S_OK
  ExitCode:          0
  Status:            SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 0
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Weekly
    WeeksInterval:  1
    DaysOfTheWeek:  .MTWRF.
    StartDate:      01/01/1970
    EndDate:        00/00/0000
    StartTime:      16:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


No. 2


Opgavenavn                          Næste kørsel            Status       
==================================== ======================== ===============
{2C24BEE6-01AC-41CD-B45B-2DA1948CBE4 09:00:00, 10/20/2006                   
{591B6509-75A8-4B13-82D9-826B07C1F74 16:00:00, 10/20/2006                   
{F7242277-BF0C-43F2-A3B4-17E647FD2BE 16:00:00, 10/20/2006
fromsej Trainee
20 October 2006 - 19:00 #27
Restart in Safe Mode and delete the following folders:

C:\Documents and Settings\All Users\Application Data\LiesOnceMealMedia
C:\Documents and Settings\All Users\Application Data\ping first remote bits

C:\Documents and Settings\Maja\Application Data\Beep 32 Move

Restart normally and post a fresh HijackThis log, so we can get the last bits removed, if there is anything more.
martin03 Beginner
21 October 2006 - 22:28 #28
Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:01 PM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Winamp\winamp.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\Virus-spyware osv\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\Martin Jensen\Dokumenter\Videoer\Ny mappe\Ny mappe\Add_Url.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


It has started freezing very often and has become quite slow lately, don't know why?
fromsej Trainee
22 October 2006 - 11:48 #29
Hmm, apparently even I can overlook things?? (Maybe a round on the agility course, Mr. fromsej???)

Uninstall Zango Messenger in Add/Remove Programs, if you can.

Then run HijackThis and fix: (remember that all other windows must be closed, IE too)

O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Restart in Safe Mode and delete these folders:
C:\Programmer\Zango Messenger\
C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\

Restart normally and post a fresh HijackThis log.

The freezing may be due to the infections you have (had); they sometimes do strange things to the system files. We will deal with that at the end.
martin03 Beginner
22 October 2006 - 18:49 #30
hehe :P that's all right ;)

okay, I'll just fix that :D
martin03 Beginner
23 October 2006 - 18:42 #31
The HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 6:37:50 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin Jensen\Skrivebord\Virus-spyware osv\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Martin Jensen\Skrivebord\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Documents and Settings\Martin Jensen\Dokumenter\Videoer\Ny mappe\Ny mappe\Add_Url.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

So what does it say :P

Couldn't find:
martin03 Beginner
23 October 2006 - 18:43 #32
couldn't find this file in Safe Mode: C:\Programmer\Zango Messenger\
fromsej Trainee
23 October 2006 - 19:50 #33
Then your log is clean; we don't need to see any more.
You should just disable System Restore, restart and re-enable it, and set the file view back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean, you can look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.
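The before/after comparison done by eye between posts #29 and #33, as an added example that is not part of the thread: it parses HijackThis `O4` lines, flags Run entries that start a program from an Application Data folder (a heuristic, chosen because the entry fixed in #29 sat there), and reports which lines of a fix list still appear in a follow-up log. The function names are this example's own, and the log excerpts are trimmed from the logs posted above.

```python
import re

# Excerpts from the two HijackThis logs in the thread (posts #28 and #31),
# trimmed to a few lines so the example runs offline.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# The lines the helper asked to have fixed in post #29.
FIX_LIST = r"""
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmer\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sign extra] C:\DOCUME~1\MARTIN~1\APPLIC~1\BEEP32~1\Upload two bold.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Long name or 8.3 short name of an Application Data folder.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def entries(log):
    """Return the R*/O* entry lines of a HijackThis log, in order."""
    found = []
    for raw in log.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            found.append(line)
    return found


def normalize(line):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(line.split()).casefold()


def autoruns_from_appdata(log):
    """Return (hive, value name, command) for O4 Run entries whose command
    lives under an Application Data folder (heuristic, not a verdict)."""
    hits = []
    for line in entries(log):
        entry = ENTRY_RE.match(line)
        if entry["section"] != "O4":
            continue
        run = RUN_RE.match(entry["body"])
        if run and APPDATA_RE.search(run["cmd"]):
            hits.append((run["hive"], run["name"], run["cmd"]))
    return hits


def review_fix(fix_list, after_log):
    """Split the fix list into lines gone from, and lines still present in,
    the follow-up log."""
    present = {normalize(line) for line in entries(after_log)}
    fixed, remaining = [], []
    for line in entries(fix_list):
        (remaining if normalize(line) in present else fixed).append(line)
    return fixed, remaining


if __name__ == "__main__":
    for hive, name, cmd in autoruns_from_appdata(LOG_BEFORE):
        print(f"review: {hive} Run [{name}] -> {cmd}")
    fixed, remaining = review_fix(FIX_LIST, LOG_AFTER)
    print(f"{len(fixed)} fixed, {len(remaining)} still present")
    for line in remaining:
        print("still present:", line)
```

On these excerpts the three `O4` lines from the fix list are gone in the log from #31, while the `O6` line is still listed there.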
martin03 Beginner
23 October 2006 - 21:55 #34
many thanks :D

It has indeed been disabled ;)

I have installed: Super Anti Spyware, Spybot - Search & Destroy and Zone Alarm, aren't they fine?

Can I delete ewido and clean up, dr web, killbox, no lop and lspfix from my computer now, or?
fromsej Trainee
24 October 2006 - 15:51 #35
Yes, the programs are fine; the ones I suggest are a bit different in that they keep the junk out, so Spywareblaster and IE-Spyad in particular are indispensable.

Yes, you can safely delete those.

Thanks for the points. :-)
martin03 Beginner
24 October 2006 - 22:42 #36
okay, so which programs can I do without when I install Spywareblaster and IE-Spyad?

fine.

You're welcome, thanks for the help!

It still freezes a bit :( just don't know why it can freeze 5 times in 2-3 hours
martin03 Beginner
25 October 2006 - 20:50 #37
Something you might be able to help with, Fromsej?
fromsej Trainee
26 October 2006 - 18:36 #38
Yes, possibly. I have been on a course, so I have been without internet for TWO days. *SHUDDER*

Try opening the case and cleaning out the dirt and dust.
Especially the CPU fan and the graphics card fan (if there is one).
Remember to do it with the power cable unplugged, and with care. *S*
martin03 Beginner
26 October 2006 - 19:33 #39
hehe :P

I have cleaned the whole case, CPU fan, motherboard, RAM etc. of dust.

But it still freezes sometimes :S
fromsej Trainee
27 October 2006 - 16:05 #40
There may be system files that have been damaged.

Click Start->Run, type SFC /scannow (note the space), click OK.
Your CD must be in the drive.
martin03 Beginner
29 October 2006 - 21:54 #41
which CD?
fromsej Trainee
29 October 2006 - 22:13 #42
Pink Floyd - A Saucerful of Secrets.
If you don't have that one, try your XP CD. ;-)

(Sorry, I should have written that in my previous post)
martin03 Beginner
30 October 2006 - 17:08 #43
hehe :P
yes you should ;)
martin03 Beginner
30 October 2006 - 17:12 #44
have looked for my CD but I sure can't find it :@
fromsej Trainee
30 October 2006 - 19:02 #45
For SFC you should be able to borrow a CD and use that; the only requirement is that it must be Home or Pro, matching your installed XP.
martin03 Beginner
30 October 2006 - 19:14 #46
SFC ??

Okay, I'll give it a try :D
fromsej Trainee
30 October 2006 - 19:47 #47
Click Start->Run, type SFC /scannow (note the space), click OK.