Afraid that I have a trojan
  xstrem
Number of posts: 418

Hi. While I was surfing around on various sites with games etc., my Symantec came up with this warning, something like: “High risk”, “The computer is infected with Trojan.Favadd”, and then comes the worst part: “The file could not be repaired”. Does that mean my computer is now infected? Or is it a false alarm? If it is a false alarm, why does it then say that it could not repair the file?

Here is my HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 20:45:31, on 03-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
C:/WINDOWS/System32/hkcmd.exe
C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
C:/WINDOWS/System32/DSentry.exe
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/ctfmon.exe
C:/Programmer/MSN Messenger/msnmsgr.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Program Files/Media Pass/MediaPass.exe
C:/Program Files/Media Pass/MediaPassK.exe
C:/Program Files/Internet Optimizer/optimize.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/WINDOWS/system32/ap9h4qmo.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Documents and Settings/Kalle Jensen/Skrivebord/Skrivebord/hijackthis.exe
C:/Programmer/Messenger/msmsgs.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:/Programmer/Xi/NetTransport 2/NTIEHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O4 - HKLM/../Run: [IgfxTray] C:/WINDOWS/System32/igfxtray.exe
O4 - HKLM/../Run: [HotKeysCmds] C:/WINDOWS/System32/hkcmd.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [UpdateManager] “C:/Programmer/Fælles filer/Sonic/Update Manager/sgtray.exe” /r
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [URLLSTCK.exe] C:/Programmer/Norton Internet Security/UrlLstCk.exe
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [IMJPMIG8.1] “C:/WINDOWS/IME/imjp8_1/IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM/../Run: [IMEKRMIG6.1] C:/WINDOWS/ime/imkr6_1/IMEKRMIG.EXE
O4 - HKLM/../Run: [Media Pass] C:/Program Files/Media Pass/MediaPass.exe
O4 - HKLM/../Run: [Internet Optimizer] “C:/Program Files/Internet Optimizer/optimize.exe”
O4 - HKLM/../Run: [ap9h4qmo] C:/WINDOWS/system32/ap9h4qmo.exe
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/msnmsgr.exe” /background
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O8 - Extra context menu item: Download alle med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra button: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:/Programmer/Fælles filer/Macromedia Shared/Service/Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:/PROGRA~1/FÆLLES~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe

 

Editor
Number of posts: 4797

Hi there xstrem

Norton can't repair very much, if you ask me.

Enough about that.

Follow the guide here: http://www.spywarefri.dk/hjtanv.htm (item 6). Fix these with HijackThis:

O4 - HKLM/../Run: [Internet Optimizer] “C:/Program Files/Internet Optimizer/optimize.exe”
O4 - HKLM/../Run: [ap9h4qmo] C:/WINDOWS/system32/ap9h4qmo.exe
——————————————————————————————————————————————————————————————
We need to be able to see your hidden files in order to find the junk that has to be deleted manually. It is part of the process.

Open any folder and click Funktioner => Mappeindstillinger => Vis (Tools => Folder Options => View).
Uncheck “Skjul beskyttede operativsystemfiler” (Hide protected operating system files).
Uncheck “Skjul filtypenavne for kendte filtyper” (Hide extensions for known file types).
Select “Vis skjulte filer og mapper” (Show hidden files and folders).

For Windows 98:

Open a folder and click Vis => Mappeindstillinger => Vis (View => Folder Options => View).
Uncheck “Skjul filtypenavne for kendte filtyper” (Hide file extensions for known file types).
Select “Vis alle filer” (Show all files).


—————————————————————————————————————————————————————————-
These programs must be deleted in safe mode. Restart and press F8 when Windows starts up.

Search for these files:

C:/WINDOWS/system32/ap9h4qmo.exe

Search for these folders:

C:/Program Files/Internet Optimizer

Download this scanner:
http://www.spywareinfo.dk/download/mwav.exe

Check the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
Then click Scan Clean.
It will now scan, and this can take a couple of hours.
——————————————————————————————
After that, restart and post a new log for checking.
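
The follow-up check requested above (fix the listed O4 entries, then post a new log) can be scripted. This is an added example, not part of the original thread or of HijackThis: it parses two logs, reports whether each fixed entry is gone from both the autoruns and the running processes, and lists entries that only appear in the second log. The two sample logs are constructed excerpts, and the `example-new` entry is hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM/../Run: [name] cmd"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autorun details: "<hive>/../<key>: [value name] <command line>"
RUN_RE = re.compile(r"^HK\w+[/\\]\.\.[/\\]\w+: \[[^\]]*\] (.+)$")

def norm(s):
    """Compare case-insensitively, ignoring slash direction and straight or curly quotes."""
    s = s.strip().replace("\\", "/").translate({ord(q): None for q in '"“”'})
    return re.sub(r"\s+", " ", s).lower()

def autorun_target(details):
    """Executable path of an O4 Run entry without its arguments, or None for other entries."""
    m = RUN_RE.match(details.strip())
    if not m:
        return None
    cmd = m.group(1).strip()
    quoted = re.match(r'^["“]([^"”]+)["”]', cmd)
    if quoted:
        return norm(quoted.group(1))
    bare = re.match(r"^(.+?\.(?:exe|com|bat|cmd|dll))\b", cmd, re.I)
    return norm(bare.group(1) if bare else cmd)

def parse_log(text):
    """Return (running processes, entries) as sets of normalised values."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), norm(m.group(2))))
        elif in_procs and line:
            procs.add(norm(line))
    return procs, entries

def verify_fix(before, after, fix_lines):
    """Status per fixed line: was it in the first log, and is it really gone in the second?"""
    _, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    report = {}
    for line in fix_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            report[line] = "not a HijackThis entry"
            continue
        key = (m.group(1), norm(m.group(2)))
        target = autorun_target(m.group(2))
        if key not in before_entries:
            report[line] = "not in first log"
        elif key in after_entries:
            report[line] = "still registered"
        elif target and target in after_procs:
            # The autorun is gone, but the binary is still loaded (not yet deleted or restarted).
            report[line] = "entry removed, process still running"
        else:
            report[line] = "removed"
    return report

def new_entries(before, after):
    """Entries present only in the second log, e.g. an autorun that re-registered under a new name."""
    return sorted(parse_log(after)[1] - parse_log(before)[1])

# The two entries the helper asked to have fixed, as listed in the thread.
FIX = [
    "O4 - HKLM/../Run: [Internet Optimizer] “C:/Program Files/Internet Optimizer/optimize.exe”",
    "O4 - HKLM/../Run: [ap9h4qmo] C:/WINDOWS/system32/ap9h4qmo.exe",
]

# Constructed excerpt modelled on the first log in the thread.
BEFORE = """Logfile of HijackThis v1.99.0
Running processes:
C:/WINDOWS/Explorer.EXE
C:/Program Files/Internet Optimizer/optimize.exe
C:/WINDOWS/system32/ap9h4qmo.exe

O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [Internet Optimizer] “C:/Program Files/Internet Optimizer/optimize.exe”
O4 - HKLM/../Run: [ap9h4qmo] C:/WINDOWS/system32/ap9h4qmo.exe
"""

# Constructed follow-up log: one leftover process and one hypothetical new autorun.
AFTER = """Logfile of HijackThis v1.99.0
Running processes:
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/ap9h4qmo.exe

O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [example-new] C:/WINDOWS/system32/example-new.exe
"""

if __name__ == "__main__":
    for line, status in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{status:38} {line}")
    for code, details in new_entries(BEFORE, AFTER):
        print(f"new in second log: {code} - {details}")
```
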

  xstrem
Number of posts: 418

So that means we are paying 300 kr a year for something that isn't any good? Well, I'll just go and do what you said :). The Internet Optimizer thing I got from a friend, who said it makes your internet faster. Is that true?

  xstrem
Number of posts: 418

Okay. I have now done as you said. The Kaspersky scanner could not fix the following problems: “ADware.Sahat.I”; it says “No actions taken”. It also says No actions taken for these: “AdWare.ToolBar.404search.a”, “AdWare.ToolBar.404search.a” and “AdWare.VirtualBouncher.j.” What should I do about these?

Administrator
Number of posts: 55502

It may well get faster, but it is full of junk, so out with it.
The adware that Mwav found, which folders is it in?
As for Norton, I would want 300,- an hour to have it on mine; it is not worth the money.

Let's see a new log.

Signature

qui potest, obligatur

Nierne bomaye - You’ll never walk alone

The coffee has been drunk
The till is closed
The support does more good
With the small and the timid
Børns vilkår
Hospitalsklovne

  xstrem
Number of posts: 418

I'll just have to scan it through once more then, to see which folders they were in.

By the way, I could not find ap9hqmo.exe, even though I searched for it in “Søg” (Search).

Which antivirus and firewall would you recommend then? It must not cost more than 300 kr a year.

Here is a new log.

Logfile of HijackThis v1.99.0
Scan saved at 12:48:02, on 05-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
C:/WINDOWS/Explorer.EXE
C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
C:/WINDOWS/System32/svchost.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe
C:/WINDOWS/System32/hkcmd.exe
C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Program Files/Media Pass/MediaPass.exe
C:/WINDOWS/system32/ctfmon.exe
C:/Programmer/MSN Messenger/msnmsgr.exe
C:/Program Files/Media Pass/MediaPassK.exe
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Kaspersky/mwavscan.com
C:/Kaspersky/kavss.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Documents and Settings/Kalle Jensen/Skrivebord/Skrivebord/hijackthis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:/Programmer/Xi/NetTransport 2/NTIEHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O4 - HKLM/../Run: [IgfxTray] C:/WINDOWS/System32/igfxtray.exe
O4 - HKLM/../Run: [HotKeysCmds] C:/WINDOWS/System32/hkcmd.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [UpdateManager] “C:/Programmer/Fælles filer/Sonic/Update Manager/sgtray.exe” /r
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [URLLSTCK.exe] C:/Programmer/Norton Internet Security/UrlLstCk.exe
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [IMJPMIG8.1] “C:/WINDOWS/IME/imjp8_1/IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM/../Run: [IMEKRMIG6.1] C:/WINDOWS/ime/imkr6_1/IMEKRMIG.EXE
O4 - HKLM/../Run: [Media Pass] C:/Program Files/Media Pass/MediaPass.exe
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/msnmsgr.exe” /background
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O8 - Extra context menu item: Download alle med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra button: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:/Programmer/Fælles filer/Macromedia Shared/Service/Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:/PROGRA~1/FÆLLES~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe

 

  xstrem
Number of posts: 418

Hmm?? It only took about a quarter of an hour to scan through my computer, how can that be? The hard disk is 80 GB. Well, Kaspersky found a lot more junk. Here they are:

File C:/PROGRA~2/MEDIAP~1/MEDIAP~1.EXE tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.

File C:/WINDOWS/70tovmto.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.

File C:/WINDOWS/system32/2b3fsk0h.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:/WINDOWS/system32/bln02nqv.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.

File C:/WINDOWS/system32/c17b6s.dll tagged as not-a-virus:AdWare.ToolBar.404Search.a. No Action Taken.

File C:/WINDOWS/system32/gah95on6.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.

File C:/WINDOWS/system32/k404SearchSetup_MS28.exe tagged as not-a-virus:AdWare.ToolBar.404Search.a. No Action Taken.

File C:/WINDOWS/system32/SplWbr.dll tagged as not-a-virus:AdWare.VirtualBouncer.j. No Action Taken.

What should I do?

Editor
Number of posts: 25535

Hi Extrem

Now that you know those locations, I think you should remove them manually. Possibly from safe mode.

  xstrem
Number of posts: 418

Okay then. Here is a new HijackThis log. Is there anything to see?

Logfile of HijackThis v1.99.0
Scan saved at 18:17:14, on 05-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
C:/WINDOWS/System32/svchost.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/System32/hkcmd.exe
C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Program Files/Media Pass/MediaPass.exe
C:/WINDOWS/system32/ctfmon.exe
C:/Programmer/MSN Messenger/msnmsgr.exe
C:/Program Files/Media Pass/MediaPassK.exe
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/WINDOWS/System32/msiexec.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Documents and Settings/Kalle Jensen/Skrivebord/Skrivebord/hijackthis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:/Programmer/Xi/NetTransport 2/NTIEHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O4 - HKLM/../Run: [IgfxTray] C:/WINDOWS/System32/igfxtray.exe
O4 - HKLM/../Run: [HotKeysCmds] C:/WINDOWS/System32/hkcmd.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [UpdateManager] “C:/Programmer/Fælles filer/Sonic/Update Manager/sgtray.exe” /r
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [URLLSTCK.exe] C:/Programmer/Norton Internet Security/UrlLstCk.exe
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [IMJPMIG8.1] “C:/WINDOWS/IME/imjp8_1/IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM/../Run: [IMEKRMIG6.1] C:/WINDOWS/ime/imkr6_1/IMEKRMIG.EXE
O4 - HKLM/../Run: [Media Pass] C:/Program Files/Media Pass/MediaPass.exe
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/msnmsgr.exe” /background
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O8 - Extra context menu item: Download alle med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra button: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:/Programmer/Fælles filer/Macromedia Shared/Service/Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:/PROGRA~1/FÆLLES~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe

Administrator
Number of posts: 55502

Try uploading these two files to Jotti:
C:/Program Files/Media Pass/MediaPass.exe
C:/Program Files/Media Pass/MediaPassK.exe

http://virusscan.jotti.org/

Come back with the results; otherwise there is nothing to go after in the log.


  xstrem
Number of posts: 418

It doesn't look so good. It looks like it is adware. Here are the results:

File:  MediaPass.exe

Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren’t packed and don’t force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) 
Packers detected:  UPX
 
AntiVir No viruses found (0.79 seconds taken)

Avast No viruses found (1.51 seconds taken)

AVG Antivirus No viruses found (0.49 seconds taken)

BitDefender No viruses found (0.52 seconds taken)

ClamAV No viruses found (0.62 seconds taken)

Dr.Web No viruses found (0.88 seconds taken)

F-Prot Antivirus No viruses found (0.14 seconds taken)

Fortinet No viruses found (0.46 seconds taken)

Kaspersky Anti-Virus No viruses found (1.02 seconds taken)

mks_vir No viruses found (0.37 seconds taken)

NOD32 No viruses found (0.59 seconds taken)

Norman Virus Control No viruses found (0.91 seconds taken)


—-

File:  MediaPassK.exe

Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)

Packers detected:  UPX
 
AntiVir No viruses found (0.38 seconds taken)

Avast No viruses found (1.53 seconds taken)

AVG Antivirus No viruses found (0.50 seconds taken)

BitDefender Adware.Prevad.A (0.50 seconds taken)

ClamAV No viruses found (0.60 seconds taken)

Dr.Web No viruses found (0.87 seconds taken)

F-Prot Antivirus No viruses found (0.11 seconds taken)

Fortinet No viruses found (0.47 seconds taken)

Kaspersky Anti-Virus not-a-virus:AdWare.WinAD.ab (1.01 seconds taken)

mks_vir .Prevad (0.22 seconds taken)

NOD32 No viruses found (0.54 seconds taken)

Norman Virus Control No viruses found (0.68 seconds taken)

 

 

  xstrem
Number of posts: 418

Should I just fix those 2?

Editor
Number of posts: 4797

Hi there

Yes, start up in safe mode and delete them.

Post a new log after you have restarted.

  xstrem
Number of posts: 418

Okay, that's done. Here is a new log file.

Logfile of HijackThis v1.99.0
Scan saved at 17:05:35, on 06-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
C:/WINDOWS/System32/svchost.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/System32/hkcmd.exe
C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/WINDOWS/system32/ctfmon.exe
C:/Programmer/MSN Messenger/msnmsgr.exe
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Documents and Settings/Kalle Jensen/Skrivebord/Skrivebord/hijackthis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:/Programmer/Xi/NetTransport 2/NTIEHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:/Programmer/Fælles filer/Symantec Shared/AdBlocking/NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton Internet Security/Norton AntiVirus/NavShExt.dll
O4 - HKLM/../Run: [IgfxTray] C:/WINDOWS/System32/igfxtray.exe
O4 - HKLM/../Run: [HotKeysCmds] C:/WINDOWS/System32/hkcmd.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Programmer/Java/j2re1.4.2_03/bin/jusched.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [UpdateManager] “C:/Programmer/Fælles filer/Sonic/Update Manager/sgtray.exe” /r
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [URLLSTCK.exe] C:/Programmer/Norton Internet Security/UrlLstCk.exe
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [IMJPMIG8.1] “C:/WINDOWS/IME/imjp8_1/IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM/../Run: [IMEKRMIG6.1] C:/WINDOWS/ime/imkr6_1/IMEKRMIG.EXE
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/msnmsgr.exe” /background
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O8 - Extra context menu item: Download alle med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:/Programmer/Xi/NetTransport 2/NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/system32/Msjava.dll
O9 - Extra button: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:/Programmer/Messenger/Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:/Programmer/Fælles filer/Macromedia Shared/Service/Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Programmer/Norton Internet Security/Norton AntiVirus/SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:/PROGRA~1/FÆLLES~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:/Programmer/Fælles filer/Symantec Shared/Security Center/SymWSC.exe

Redaktør
Number of posts: 25535

Hi xstrem

The only one you should fix is this one:

O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot

And from safe mode, find and remove the realsched.exe file.

Then there is nothing to go after in that log, and we don't need to see any more from you.

You have surely already looked at the package; if not, it is here:
http://www.spywarefri.dk/pakken.htm

  xstrem
Number of posts: 418

You guys are damn good! I'll probably give a small donation soon too (wink).

Why TkBellExe from RealOne Player? Surely that isn't spyware? Or what??