CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede jab2003 Nybegynder
16. juni 2007 - 20:06 Der er 10 kommentarer

Hijackthis log

Hejsa!

Jeg har fået det problem at min computer genstarter uden årsag. Nogen gange efter 10 min. og andre gange efter et par timer. Det er ikke holdbart. Windows kommmer med en fejlmeddelelse der siger: Virus alert: Microsoft detected the Win32/Nuwar.N!sys virus on your computer.

Jeg har derfor fået lavet denne log af hijackthis. Er der mon nogen der kan hjælpe.

Logfile of Trend Micro HijackThis v2.0.0
Scan saved at 17:49:07, on 16-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\VIRUSfighter\bin\ZLH.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\X-Micro\Bluetooth-software\BTTray.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
F:\bootcd\wintools\autorun.exe
C:\DOCUME~1\JENSBR~1\LOKALE~1\Temp\HIJACK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {096B1174-E4CF-4860-8144-2229E131B4E2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {B67A4C3A-A2A0-B428-D97F-F9ADD8E6239D} - C:\WINDOWS\system32\mhsl.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Fzutwh] C:\Programmer\F?nts\fast.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://java.irc.liveharmony.org:8080/java/cr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/au...tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36F32DA3-0738-4E26-BAB4-D8B7FB22986F}: NameServer = 195.82.195.101,129.142.7.101
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13925 bytes

Mvh. Jens
Avatar billede levich Nybegynder
17. juni 2007 - 14:02 #1
Jeg ser på det, øjeblik.
Avatar billede Computer Hjælp (Gratis) Mester
17. juni 2007 - 14:14 #2
(( ..\F?nts\fast.exe )) SUK*
Avatar billede levich Nybegynder
17. juni 2007 - 14:14 #3
Læs alle punkterne inden du gør noget.

(1)
Følg vejledningen her:
Vundofix: http://www.atribune.org/content/view/24/2/

(2)
Opdater Ewido, som du allerede har installeret, men vent med at scanne.

Hent http://www.stevengould.org/downloads/cleanup/CleanUp452.exe og installer det.

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O2 - BHO: (no name) - {096B1174-E4CF-4860-8144-2229E131B4E2} - (no file)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O2 - BHO: (no name) - {B67A4C3A-A2A0-B428-D97F-F9ADD8E6239D} - C:\WINDOWS\system32\mhsl.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - (no file)
O4 - HKCU\..\Run: [Fzutwh] C:\Programmer\F?nts\fast.exe
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

(4)
Start Ewido, scan og gem logfilen f.eks. på skrivebordet.

(5)
Åbn "denne computer", i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper", sæt prik i "Vis skjulte filer og mapper". Husk at trykke på knappen "Anvend på alle mapper" i stedet for "ok".

søg efter og slet følgende fil(er):
C:\WINDOWS\system32\mhsl.dll
winjvd32.dll
winrkp32.dll
... og følgende mappe(r):
C:\Programmer\F?nts\

(6)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(7)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind sammen med loggen fra Ewido.
Avatar billede jab2003 Nybegynder
18. juni 2007 - 19:24 #4
Så har jeg prøvet at følge anvisningen så godt som muligt.

Desværre virkede min Ewido ikke, så kan ikke komme med en log fra den.

Selvom jeg fulgte vejledningen kunne jeg mystisk nok ikke finde følgende filer:

C:\WINDOWS\system32\mhsl.dll
winjvd32.dll
winrkp32.dll
... og følgende mappe(r):
C:\Programmer\F?nts\

Resten har jeg dog ordnet og har fået følgende log fra HijackThis:

Logfile of Trend Micro HijackThis v2.0.0
Scan saved at 18:58:43, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\VIRUSfighter\bin\ZLH.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\X-Micro\Bluetooth-software\BTTray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\Internet Explorer\iexplore.exe
F:\bootcd\wintools\autorun.exe
C:\DOCUME~1\JENSBR~1\LOKALE~1\Temp\HIJACK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://java.irc.liveharmony.org:8080/java/cr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36F32DA3-0738-4E26-BAB4-D8B7FB22986F}: NameServer = 195.82.195.101,129.142.7.101
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13241 bytes
Avatar billede levich Nybegynder
18. juni 2007 - 21:24 #5
Ewido er også lidt forældet, men er blevet erstattet af AVG-antispyware.

Hent AVG Anti-Spyware her: http://www.grisoft.com/doc/downloads-products/us/crp/0?prd=triasw.
Start AVG Anti-Spyware, opdater det, vælg fanebladet "scanner" og klik på "complete system scan".
Bagefter klik "apply all actions", "save report", "save report as", gem logfilen f.eks. på skrivebordet og kopier den herind til sidst.
Avatar billede jab2003 Nybegynder
19. juni 2007 - 09:26 #6
Så har jeg lavet et scan, men blev nødt til at gøre det i fejlsikret tilstand da den restartede under scanningen. Den fandt en del må jeg sige. Her er rapporten:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    09:05:04 19-06-2007

+ Scan result:   



HKU\S-1-5-21-2322712386-813958858-793999233-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned.
HKU\S-1-5-21-2322712386-813958858-793999233-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned.
HKU\S-1-5-21-2322712386-813958858-793999233-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned.
C:\Programmer\eMule\Incoming\Runtime GetDataBack for FAT and NTFS v3 03 patch crack multiLanguage with serial by ParadoX.zip/Runtime GetDataBack for FAT and NTFS v3 03 patch crack multiLanguage with serial by ParadoX.zip.exe -> Adware.Stud : Cleaned.
C:\Programmer\eMule\Incoming\getdataback_3.03_keygen.exe/crack.exe -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\download\DVDFab Express 2.9.7.2 Crack WORKING.rar/crack.exe -> Downloader.Delf.agd : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\download\DVDFab Gold 2.9.7.2 Crack WORKING(1).rar/crack.exe -> Downloader.Delf.agd : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\download\DVDFab Platinum 2.9.7.2 Crack WORKING(2).rar/crack.exe -> Downloader.Delf.agd : Cleaned.
C:\Programmer\eMule\Incoming\getdataback_3.03_keygen.exe/keygen.exe -> Downloader.Nurech.ak : Cleaned.
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\CDE7O1AV\alt[2].exe -> Downloader.Tibs.lf : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\download\AnyDVD.v6.0.7.0.Incl.Patch-dA.CLOwN.rar/AnyDVD v6.0.6.3 - v6.0.6.x Unblacklist.exe -> Dropper.Small : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\Skrivebord\Jens\Cookies\jens@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@adrenaline[1].txt -> TrackingCookie.Adrenaline : Cleaned.
C:\Documents and Settings\Jens Brejl\Cookies\jens_brejl@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jens Brejl\Cookies\jens_brejl@connextra[5].txt -> TrackingCookie.Connextra : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@connextra[4].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Jens Brejl\Cookies\jens_brejl@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\Skrivebord\Jens\Cookies\jens@idot[1].txt -> TrackingCookie.Idot : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@info[1].txt -> TrackingCookie.Info : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@us.info[2].txt -> TrackingCookie.Info : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@www.info[1].txt -> TrackingCookie.Info : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Jens Brejl\Skrivebord\Skrivebord\Jens\Cookies\jens@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@navrcholu[3].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\Jens Brejl\Cookies\jens_brejl@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\My old Disk Structure -- 04-11-13 0231AM\My old My old Disk Structure -- 04-11-13 0222AM\My old My old Documents and Settings\Jens Brejl\Cookies\jens brejl@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Jens Brejl\Cookies\jens_brejl@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\unzipped\StopTimer\timerstop.sys -> Trojan.ActivCrk.b : Cleaned.
C:\WINDOWS\system32\windev-49f9-1180.sys -> Trojan.Tibs.ab : Cleaned.
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\CDE7O1AV\alt[3].exe -> Trojan.Tibs.aj : Cleaned.
C:\WINDOWS\system32\wincom32.sys -> Trojan.Tibs.w : Cleaned.
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\CPEF45I7\alt[1].exe -> Trojan.Tibs.y : Cleaned.
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\GT678XAB\alt[1].exe -> Trojan.Tibs.y : Cleaned.
C:\WINDOWS\system32\alt.exe.exe -> Trojan.Tibs.y : Cleaned.
C:\WINDOWS\system32\pee.exe.exe -> Trojan.Tibs.y : Cleaned.


::Report end
Avatar billede Computer Hjælp (Gratis) Mester
19. juni 2007 - 09:52 #7
(( Ka' ikk' la' vær' -> Sådan går det når man forsøger sig med diverse 'elementer' fra eMule / keygen.exe / patch crack / ... -> *SUK* I må da snart lære det! ))
Avatar billede jab2003 Nybegynder
19. juni 2007 - 10:11 #8
JA, det er så også sidste gang jeg prøver det. Jeg havde en harddisk der var stået af og fandt et program der var 72 timer om at analysere den, og da jeg så skulle redde de filer der kunne kom den frem og sagde at programmet ikke var registreret. Så var gode råd dyre, og også for dyrt. Så det er sidste gang jeg prøver det. Det er nok det der har startet det hele :-(
Avatar billede levich Nybegynder
19. juni 2007 - 17:43 #9
Som du selv skriver, blev der nu fjernet en del. Send venligst en ny hijackthis-log og fortæl om computeren kører normalt nu.
Avatar billede Computer Hjælp (Gratis) Mester
10. august 2008 - 14:53 #10
Hvad endte denne tråd med ?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Jeg får en fejl på Enhedssikkerhed Af pouls i Virus 8 04/06/202321:28 05/06/202316:28
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 17:16 Optimer MySql table med ASP Af poulmadsen i ASP
I dag 09:27 Stegkode scanner med funktionsknap Af kulawig i Andet hardware
I dag 08:47 hjælp til film Af Carmen i Fri debat
I går 18:19 Fjerne adgangskode Af Geo" søster i Andet sikkerhed
I går 16:44 sletning af en årgang billeder i dropbox Af valsbol i Cloudtjenester
White papers
Flere white papers »


Premium
Teaser billede
Køber 25.000 Copilot-licenser af Microsoft i kæmpe-aftale - vil investere milliarder i AI
Læs mere »
"Når jeg engang ikke er her mere, så vil jeg gerne huskes som generøs lige som ham"
Det danske it-lovsystem skal moderniseres: Styrelse søger ene-leverandør til 10-årig kæmpe-kontrakt
7N fra København runder halvanden milliard kroner i omsætning: Beskæftiger nu 1.700 konsulenter
Se alle »
Computerworld
Teaser billede
På tur i BMW's mægtigste elbil: Sådan er livet ombord i en monumental million-ellert
Læs mere »
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Porno-giganterne Pornhub og XVideos skal indlevere materiale til EU
Test: Denne bærbar beviser, hvorfor man ikke skal handle laptop alene ud fra teknikbladet
Se alle »
CIO
Teaser billede
Nu kan mange flere opgradere deres gamle Windows 10-pc'er til Windows 11: Se om du kan opgradere
Læs mere »
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
På denne dato er det slut med udbredte versioner af Office: Microsoft vil have dig over på de dyrere E3-licenser
Microsoft skruer op for CPU-krav til den næste version af Windows 11: Færre brugere kan nu opdatere
Se alle »
Job & Karriere
Teaser billede
NNIT flytter til det centrale København: Her er selskabets nye hovedkvarter
Læs mere »
Knap 40 procent af disse it-folk tjener tjener mindst 57.000 kroner om måneden
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Medarbejderne fik udleveret badetøfler ved indflytningen: Kom med inden for i IBM Danmarks nye topmoderne hovedkontor
Se alle »
White paper
Teaser billede
Opdag fordelene ved cloud-baseret backup og recovery
Læs mere »
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Sådan høster du forretningsfordelene ved Internet of Things
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »