xozzi (Beginner)
30 October 2005 - 19:15. There are 8 comments and 3 solutions.

HiJackThis Log (Spyware!)

My computer gets an extreme number of popups all the time, it's really annoying.. and it isn't exactly running at 100% either..

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:14:21, on 30-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\Quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMMER\AVANT BROWSER\AVANT.EXE
C:\Documents and Settings\Jakob Skallebæk\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.22.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.skjernts.dk;home.skjernts.dk;intranet.skjernts.dk;www.htxskjern.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [] :
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] :C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] :C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BearShare] :"C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [TbpBe] :C:\WINDOWS\vceluh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [doEre2L9d] :C:\WINDOWS\yvmffjqf.exe
O4 - HKLM\..\Run: [msresearch] :c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] c:\windows\sp2update00.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O8 - Extra context menu item: Bloker alle billeder fra den samme server - C:\PROGRAMMER\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Marker forekomster af ord på denne side - C:\PROGRAMMER\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Søg på ord - C:\PROGRAMMER\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Tilføj til Ad Blocker - C:\PROGRAMMER\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Åbn alle links på denne side... - C:\PROGRAMMER\AVANT BROWSER\OpenAllLinks.htm
O8 - Extra context menu item: Åbn i ny Avant Browser - C:\PROGRAMMER\AVANT BROWSER\OpenInNewBrowser.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129931364671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\o0660ajsedo60.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc.                          - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
xozzi (Beginner)
30 October 2005 - 19:30 #1
NEED HELP! :(

:o
arlet (Junior Master)
30 October 2005 - 19:56 #2
Checking it now
arlet (Junior Master)
30 October 2005 - 20:06 #3
You need to download Ewido here: http://www.ewido.net/en/download/ (we will need it later)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

You need to download Dr.Web here: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

-----------------------


Now you need to start fixing:

Run HijackThis, scan, check the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check that everything is included.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.22.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.skjernts.dk;home.skjernts.dk;intranet.skjernts.dk;www.htxskjern.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx

O4 - HKLM\..\Run: [] :
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BearShare] :"C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TbpBe] :C:\WINDOWS\vceluh.exe
O4 - HKLM\..\Run: [doEre2L9d] :C:\WINDOWS\yvmffjqf.exe
O4 - HKLM\..\Run: [msresearch] :c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] c:\windows\sp2update00.exe

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\o0660ajsedo60.dll


--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this batch file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in Safe Mode (press the F8 key during the restart, roughly right after the RAM has been counted, and then choose Safe Mode. If in doubt, just press F8 several times.)
Find and delete these manually:

C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\BearShare\BearShare.exe
C:\WINDOWS\vceluh.exe
C:\WINDOWS\yvmffjqf.exe
c:\windows\msresearch.exe
c:\windows\sp2update00.exe

-----------------------------

Still in Safe Mode:
Run a full scan with Dr.Web. It starts with a quick memory scan; when that has finished, select your drives and then press the little green man at the bottom right.

Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with: Total session statistics

-------------------------------

Still in Safe Mode:
Now run a full scan with Ewido. When it has finished, press Save report and save the report.

Then restart the computer normally and make a new HijackThis log, which you post here together with the report from Ewido
xozzi (Beginner)
30 October 2005 - 22:18 #4
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 195326
Infected objects found: 14
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 17
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 14
Objects renamed: 0
Objects moved: 0
Objects ignored: 4
Scan speed: 704 Kb/s
Scan time: 01:00:15
=============================================================================

During the ewido scan I accidentally pressed fast scan, and thought... oh well, I can just do that one first.. but I didn't actually save a log.. it found 17 infected objects in the fast scan.. and for the full scan the log is:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            22:18:06, 30-10-2005
+ Report-Checksum:        7BC68C9F

+ Scan result:

    [708] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
    [1068] C:\WINDOWS\system32\whd_ci.dll -> Spyware.Look2Me : Error during cleaning
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Cookies\jakob skallebæk@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Dokumenter\cphvt665.exe/run.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\bw2.com -> Spyware.Zestyfind : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\Cookies\jakob skallebæk@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\Cookies\jakob skallebæk@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\Cookies\jakob skallebæk@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\Cookies\jakob skallebæk@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temp\Cookies\jakob skallebæk@metacafe.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temporary Internet Files\Content.IE5\3W31BJWE\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temporary Internet Files\Content.IE5\9ZU1U801\AppWrap[1].exe -> Spyware.Zestyfind : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Lokale indstillinger\Temporary Internet Files\Content.IE5\VL1N5HXV\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
    C:\Documents and Settings\Jakob Skallebæk\Skrivebord\Ny mappe (3)\UPLINK_Serial.zip/crack.exe/ist1.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
    C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
    C:\My Downloads\Street Hacker Full v1.0.4.zip/Setup.exe -> Worm.VB.an : Error during cleaning
    C:\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
    C:\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
    C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
    C:\WINDOWS\iconu.exe -> Spyware.Zestyfind : Cleaned with backup
    C:\WINDOWS\system32\aofsipc.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\azesearch4.ocx -> Spyware.AzSearch : Cleaned with backup
    C:\WINDOWS\system32\curtcli.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\dn6401jqe.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\gutuname.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\iasada.dll -> Spyware.AzSearch : Cleaned with backup
    C:\WINDOWS\system32\ifr6l59s1.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\ifsso.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\irr6l59s1.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\iyeshare.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\j06m0aj1edo.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\myhtmler.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\nrwdev.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\p24u0ch9ef4.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\sac_os.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\t4r80e9ueh.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\wicsapi.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\__delete_on_reboot__whd_ci.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jakob skallebæk@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\jakob skallebæk@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End
xozzi (Beginner)
30 October 2005 - 22:24 #5
and HijackThis after restart:

Logfile of HijackThis v1.99.1
Scan saved at 22:24:33, on 30-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\Quickset.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jakob Skallebæk\Skrivebord\hijackthis.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\WINDOWS\system32\Notepad.exe
C:\Programmer\Avant Browser\avant.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] :C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] :C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O8 - Extra context menu item: Bloker alle billeder fra den samme server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Marker forekomster af ord på denne side - C:\Programmer\Avant Browser\Highlight.htm
O8 - Extra context menu item: Søg på ord - C:\Programmer\Avant Browser\Search.htm
O8 - Extra context menu item: Tilføj til Ad Blocker - C:\Programmer\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Åbn alle links på denne side... - C:\Programmer\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Åbn i ny Avant Browser - C:\Programmer\Avant Browser\OpenInNewBrowser.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129931364671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc.                          - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
arlet (Junior Master)
31 October 2005 - 16:40 #6
Your log is clean now.

After a trip like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.
You should also hide your files and folders again, so you don't delete an important file by mistake.
You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

General cleanup: http://www.arlet.dk/oprydning.htm

To protect you against junk I have put together a security package,
which you can download here: www.arlet.dk/pakke.htm
ejvindh (Expert)
31 October 2005 - 16:52 #7
That O20 entry must be fixed too (remnant of a VX2 infection, which by the way doesn't seem to be completely defeated yet -- cf. the Ewido log).
arlet (Junior Master)
31 October 2005 - 17:16 #8
Thanks ejvindh, I had overlooked that one..

xozzi -> Let's try one more time to get rid of it..

Fix in HijackThis:
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\guard.tmp (file missing)

Find and delete these manually:
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\whd_ci.dll

Restart and post a new HijackThis log
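
The cross-check made in #7 and acted on in #8 (a file the ewido report lists as "Error during cleaning" is still referenced by an O20 line in the follow-up HijackThis log) can be automated. This is an added example, not part of the original thread: the function names are hypothetical, the sample lines are excerpts from the logs above, and treating `/` as the archive-member separator in ewido paths is an assumption.

```python
import re

# Excerpts from the ewido report and the follow-up HijackThis log in this thread.
EWIDO_REPORT = r"""
    [708] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
    [1068] C:\WINDOWS\system32\whd_ci.dll -> Spyware.Look2Me : Error during cleaning
    C:\WINDOWS\system32\azesearch4.ocx -> Spyware.AzSearch : Cleaned with backup
    C:\My Downloads\Street Hacker Full v1.0.4.zip/Setup.exe -> Worm.VB.an : Error during cleaning
"""
HIJACKTHIS_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
"""

# "<optional [number]> <path> -> <detection name> : <status>"
EWIDO_LINE = re.compile(
    r"^\s*(?:\[\d+\]\s+)?(?P<path>.+?) -> (?P<name>\S+) : (?P<status>.+?)\s*$")
# "<section id> - <rest of entry>", e.g. "O20 - Winlogon Notify: ..."
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# HijackThis sections that load code at boot or logon:
# BHOs, toolbars, Run keys/startup folders, Winlogon Notify, services.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}


def parse_ewido(report):
    """Return one dict (path, name, status) per finding line in the report."""
    return [m.groupdict() for m in map(EWIDO_LINE.match, report.splitlines()) if m]


def uncleaned_paths(report):
    """Lower-cased on-disk paths of findings the scanner did not clean."""
    paths = set()
    for finding in parse_ewido(report):
        if not finding["status"].lower().startswith("cleaned"):
            # Assumption: "archive.zip/member.exe" means a file inside an
            # archive; only the container exists on disk, so keep that part.
            paths.add(finding["path"].split("/", 1)[0].lower())
    return paths


def parse_hijackthis(log):
    """Return (section, body) tuples for every entry line in the log."""
    return [(m["section"], m["body"])
            for m in map(HJT_LINE.match, log.splitlines()) if m]


def triage(hjt_log, ewido_report):
    """Flag autostart entries that still point at uncleaned or missing files.

    Matching is a case-insensitive substring test, so entries written with
    8.3 short names (PROGRA~1 ...) will not match a long path.
    """
    failed = uncleaned_paths(ewido_report)
    flagged, referenced = [], set()
    for section, body in parse_hijackthis(hjt_log):
        if section not in AUTOSTART_SECTIONS:
            continue
        low = body.lower()
        reasons = []
        if low.endswith("(file missing)"):
            reasons.append("target file missing")
        for path in sorted(failed):
            if path in low:
                reasons.append("scanner could not clean " + path)
                referenced.add(path)
        if reasons:
            flagged.append({"section": section, "entry": body, "reasons": reasons})
    # Failed files with no visible autostart entry still need manual follow-up.
    return {"flagged": flagged, "unreferenced": sorted(failed - referenced)}


if __name__ == "__main__":
    result = triage(HIJACKTHIS_LOG, EWIDO_REPORT)
    for hit in result["flagged"]:
        print(hit["section"], "-", hit["entry"])
        for reason in hit["reasons"]:
            print("    ", reason)
    for path in result["unreferenced"]:
        print("not cleaned, no autostart entry seen:", path)
```
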
ejvindh (Expert)
31 October 2005 - 18:46 #9
Otherwise, if that doesn't help either, try following this procedure:

Download L2mfix.exe from one of these places:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your Desktop and double-click l2mfix.exe. Click the Install button and follow the instructions. Then open the new folder that has been created on your Desktop (l2mfix). Double-click l2mfix.bat and choose option 1 (Run Find log) by typing "1" and "Enter". Your computer will now be scanned - after a couple of minutes a text file opens in Notepad. Copy the contents in here.

NB: You must not run option 2 or any of the other files in the l2mfix folder until you have been asked to.
xozzi (Beginner)
31 October 2005 - 21:46 #10
The problems are actually on my friend's laptop, which is why I'm not replying, but the next time I go over to my friend's I'll continue fixing :)
arlet (Junior Master)
26 December 2005 - 22:11 #11
Do you need more help, or has your question been answered?? If so, remember to close your question properly by selecting my name in the box on the left and pressing accept..