Noget spyware i denne log

Den kan ikke blive renere ;)

*GG*

->micca læg den herind så vi kan se på den ;O)

andersenph> den kommer nok snart: http://www.eksperten.dk/spm/460636  ;)

*LOL*
Vi venter.

..... :-/

Logfile of HijackThis v1.97.7
Scan saved at 19:52:05, on 14-02-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\Programmer\WebSpeed Sikkerhedspakke\DFW\Program\fsdfwd.exe
C:\Programmer\Canon\MultiPASS4\MPDBMgr.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\inKline Global\PC Booster\pcbooster.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\Programmer\Fælles filer\ACD Systems\EN\DevDetect.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Puffe\Skrivebord\SPYWARE OG VIRUSBESKYTTELSE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPTBox] C:\Programmer\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PC Booster] C:\Programmer\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [piiserviceOE] "C:\Programmer\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Programmer\Fælles filer\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38021.3627314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Der er ikke ret meget i den log - jeg kan ikke få øje på noget decideret snavs, men vent på fromsej, han er kanon til logs :)

Slå systemgendannelse fra.
Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt, at det eneste vindue som er åbent, er HijackThis-vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Så må du fixe. Klik på Fix checked. Efter fix skal du genstarte din computer.

Fix disse:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe –osboot

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab


Genstart og send en ny log herind.

Godmorgen...

Logfile of HijackThis v1.97.7
Scan saved at 09:33:04, on 15-02-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\Programmer\Fælles filer\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\BackWeb-7791805.exe
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\Programmer\WebSpeed Sikkerhedspakke\DFW\Program\fsdfwd.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Puffe\Skrivebord\SPYWARE OG VIRUSBESKYTTELSE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPTBox] C:\Programmer\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PC Booster] C:\Programmer\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [piiserviceOE] "C:\Programmer\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Programmer\Fælles filer\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38021.3627314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Du kan fixe denne:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Ellers ser din log ren ud.

ok tak...