marvel (Praktikant)
4 January 2006 - 14:58. There are 8 comments and 1 solution.

"Spyware infection" sign on the desktop - HijackThis log file

Hi
I've gotten myself into some filth. I think most of the infection has been removed (with Ewido), but I would very much like someone to take a look at this log file. Really hope you can help :-)

Logfile of HijackThis v1.99.1
Scan saved at 14:54:45, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mathilde Clausen\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmer\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120754055500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: docent0 - C:\WINDOWS\SYSTEM32\docent0.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
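As an added example (not part of the original thread or of HijackThis itself), here is a small Python triage script that applies a few defender-side heuristics to HijackThis entries of the kind shown above: browser pages pointing at a local file, a broken LSP chain, Winlogon Notify DLLs not on an allow-list, and rundll32 autoruns from 8.3 paths. The sample lines are copied from the log above; the allow-list of Winlogon Notify packages is a constructed, deliberately incomplete assumption.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the first HijackThis log in the thread, with a few
# benign entries kept as controls.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_98.dll' missing
O20 - Winlogon Notify: docent0 - C:\WINDOWS\SYSTEM32\docent0.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
"""

# Every HijackThis entry is "<section> - <body>".
ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")

# Winlogon Notify packages normally present on a clean Windows XP box.
# Constructed and incomplete: an entry outside it is "look at this", not
# "this is malware".
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}


@dataclass
class Finding:
    section: str
    severity: str   # "high" or "review"
    reason: str
    line: str


def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def check_r(sec, body):
    # R0/R1 body: "HIVE\...\Main,Setting = value". A start or local page that
    # points at a file on disk instead of a URL is the classic fake
    # "your PC is infected" page (here c:\secure32.html).
    if " = " not in body:
        return None
    setting, value = body.rsplit(" = ", 1)
    value = value.strip().lower()
    if re.match(r"^[a-z]:\\", value) or value.startswith("file:"):
        return Finding(sec, "high",
                       f"browser page setting points at a local file: {setting.split(',')[-1]}", body)
    return None


def check_o4(sec, body):
    # O4 body: "HIVE\..\Run: [name] command". rundll32 loading a DLL from an
    # 8.3 path is a weak indicator on its own, so it is only marked for review.
    m = re.match(r"^(?P<loc>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", body)
    if not m:
        return None
    cmd = m.group("cmd").lower()
    if cmd.startswith("rundll32") and "~" in cmd:
        return Finding(sec, "review",
                       f"autorun '{m.group('name')}' uses rundll32 with an 8.3 path", body)
    return None


def check_o10(sec, body):
    # O10: HijackThis itself reports that the Winsock LSP chain is broken.
    if body.lower().startswith("broken internet access"):
        return Finding(sec, "high", "LSP chain references a missing provider DLL", body)
    return None


def check_o20(sec, body):
    # O20 body: "Winlogon Notify: name - path". Notify DLLs load into
    # winlogon.exe at every logon, so anything off the allow-list is flagged.
    m = re.match(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$", body)
    if not m:
        return None
    name = m.group("name").lower()
    name = name[:-4] if name.endswith(".dll") else name
    if name not in KNOWN_WINLOGON_NOTIFY:
        return Finding(sec, "high",
                       f"unrecognised Winlogon Notify package '{m.group('name')}'", body)
    return None


CHECKS = {"R0": check_r, "R1": check_r, "O4": check_o4, "O10": check_o10, "O20": check_o20}


def triage(log_text):
    """Return the findings for every entry in a HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        sec, body = parsed
        check = CHECKS.get(sec)
        finding = check(sec, body) if check else None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run against the constructed excerpt it reports six findings: the two secure32.html page settings, the broken LSP and both Winlogon Notify DLLs as high, and the New.net rundll32 autorun for review.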
marvel (Praktikant)
4 January 2006 - 15:00 #1
There used to be a paytime.exe in startup, if that is of any interest. It was not exactly easy to remove.
marvel (Praktikant)
4 January 2006 - 15:10 #2
I also get three error messages at startup: cli.exe cannot be initialised. I have downloaded and installed .NET 1.1 without luck. Should I uninstall and reinstall the ATI drivers and/or .NET again?
marvel (Praktikant)
4 January 2006 - 15:12 #3
Yes, I'm talking to myself - I know. But here is the scan report from Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            14:12:18, 04-01-2006
+ Report-Checksum:        435B149B

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-1606980848-448539723-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    [232] C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Cleaned with backup
    [488] C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Error during cleaning
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\120.tmp -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\nszBE.tmp\NNMETA638.EXE -> Spyware.NewDotNet : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\svchst.exe -> Downloader.Small.caf : Cleaned with backup
    C:\Documents and Settings\Mathilde Clausen\Lokale indstillinger\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
    C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
    C:\Programmer\Need2Find -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
    C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Cleaned with backup
    C:\Programmer\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\Programmer\NewDotNet\uninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
    C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\WINDOWS\system32\paradise.raw -> Proxy.Lager.f : Cleaned with backup
    C:\WINDOWS\system32\service\explorer.exe -> Logger.Agent.ew : Cleaned with backup
    C:\WINDOWS\system32\sywsvcs.exe -> Proxy.Lager.f : Cleaned with backup
    C:\WINDOWS\Temp\Altnet -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\admdata.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\Atl.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Cleaned with backup
    C:\WINDOWS\timessquare.exe -> Hijacker.StartPage.aw : Cleaned with backup
    C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\WINDOWS\tool3.exe -> Downloader.Small.bwr : Cleaned with backup
    C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup


::Report End

and the startup report:

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on:            14:14:07, 04-01-2006
+ Report-Checksum:        C11CB890

Reg\HKLM\Run        ccApp                                    "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"                                             
Reg\HKLM\Run        ccRegVfy                                "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"                                         
Reg\HKLM\Run        Symantec NetDriver Monitor              C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer                                                         
Reg\HKLM\Run        ATIPTA                                  C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe                                     
Reg\HKLM\Run        ATICCC                                  "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime                                           
Reg\HKLM\Run        Easy-PrintToolBox                        C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon                                         
Reg\HKLM\Run        AdaptecDirectCD                          "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"                                     
Reg\HKLM\Run        iTunesHelper                            "C:\Programmer\iTunes\iTunesHelper.exe"                                                           
Reg\HKLM\Run        QuickTime Task                          "C:\Programmer\QuickTime\qttask.exe" -atboottime                                                   
Reg\HKLM\Run        TkBellExe                                "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot                                 
Reg\HKLM\Run        MXOBG                                    C:\WINDOWS\MXOALDR.EXE                                                                             
Reg\HKLM\Run        SunJavaUpdateSched                      C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe                                                     
Reg\HKLM\Run        New.net Startup                          rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s                                       
Reg\HKLM\Run        NeroCheck                                C:\WINDOWS\system32\NeroCheck.exe                                                                 
Reg\HKCU\Run        ctfmon.exe                              C:\WINDOWS\system32\ctfmon.exe                                                                     
Reg\HKCU\Run        msnmsgr                                  "C:\Programmer\MSN Messenger\msnmsgr.exe" /background                                             
Reg\HKCU\Run        H/PC Connection Agent                    "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"                                                 
Shell\CommonStartup  Adobe Gamma Loader.lnk                  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk           
Shell\CommonStartup  Adobe Reader Speed Launch.lnk            C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk   
Shell\CommonStartup  ATI CATALYST System Tray.lnk            C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\ATI CATALYST System Tray.lnk     
Shell\CommonStartup  Microsoft Office.lnk                    C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk             
Shell\UserStartup    SpywareGuard.lnk                        C:\Documents and Settings\Mathilde Clausen\Menuen Start\Programmer\Start\SpywareGuard.lnk         

Now there should be a bit to look at :-)
arlet (Juniormester)
4 January 2006 - 16:15 #4
Download CWShredder from here: http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
Run CWShredder, update CWShredder. Close CWShredder. Then physically disconnect your internet connection (pull the plug) and disable ALL security programs.

Restart the computer in safe mode (press the F8 key during the restart (roughly when the RAM count has finished) and then choose safe mode. If in doubt, just press F8 several times.)

Open CWShredder and click Fix; it then scans and fixes what it finds. When it is done, press Next and then Exit.

Restart normally and post a new HijackThis log.
marvel (Praktikant)
4 January 2006 - 16:51 #5
Since the machine went completely haywire, I went back a couple of days using System Restore, and now it seems to be OK again. I'll post a new log shortly. Thanks for the help so far.
marvel (Praktikant)
4 January 2006 - 17:59 #6
Another log file:

Logfile of HijackThis v1.99.1
Scan saved at 17:59:30, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mathilde Clausen\Skrivebord\antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmer\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120754055500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
marvel (Praktikant)
4 January 2006 - 21:43 #7
If you don't post an answer, arlet, I'll close the thread. The problem is solved.
arlet (Juniormester)
4 January 2006 - 21:45 #8
Yes.

To protect you against filth I have put together a security package, which you can see here: www.arlet.dk/pakke.htm
marvel (Praktikant)
4 January 2006 - 22:07 #9
Yep, I've seen it in an earlier question. Excellent idea, except that you apparently need 17 different anti-this-and-that running to avoid getting infected. Bad, bad! But thanks for the help.