Søg
Avatar billede babyboy Nybegynder
25. januar 2006 - 12:05 Der er 7 kommentarer og
2 løsninger

Nogle der har tid til at kigge på min hijacklog?

Fra dr. web:

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 69441
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1307 Kb/s
Scan time: 00:40:04
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 69539
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1307 Kb/s
Scan time: 00:40:28
=============================================================================

Fra Ewido:

+ Scan result:

    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ehg-deltatre.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ehg-nokiafin.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ehg-sonyesolutions.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@polo.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@sonycorporate.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@stats.adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\AnhDu Vu\Cookies\anhdu vu@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup

Fra Hijackthis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\AnhDu Vu\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\sstuu.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstuu - C:\WINDOWS\system32\sstuu.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Håber i vil hjælpe min langsomme computer.
Avatar billede ejvindh Ekspert
25. januar 2006 - 12:27 #1
Jeg kigger på den :-)
Avatar billede ejvindh Ekspert
25. januar 2006 - 12:42 #2
Du har lidt forskelligt i din log.

Download denne, og gem den på dit skrivebord:
http://www.wilderssecurity.net/downloads/rbkiller.exe

Hent dette program, og gem det på skrivebordet.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

Når computeren er genstartet, kører du rbkiller.exe, og følger instruksionerne. Genstart herefter computeren igen.

Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind. Der kommer også en fil, der hedder scanlog.txt -- den skal du også lægge herind. Endelig må du gerne lave en ny HJT-log, som du lægger herind.
Avatar billede babyboy Nybegynder
25. januar 2006 - 14:39 #3
Hej igen.. tak for dine 2 programmer...

de sidste program som er rbkiller ser ud ikke ud til at virke på min computer.. Der står Rapidblaster is not detected eller i noget den stil. hmm...
Avatar billede babyboy Nybegynder
25. januar 2006 - 14:42 #4
men fra det forrige programer har jeg logfilen her:


[01/25/2006, 14:24:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\AnhDu Vu\Skrivebord\VirtumundoBeGone.exe" )
[01/25/2006, 14:24:20] - Detected System Information:
[01/25/2006, 14:24:20] -  Windows Version: 5.1.2600, Service Pack 2
[01/25/2006, 14:24:20] -  Current Username: AnhDu Vu (Admin)
[01/25/2006, 14:24:20] -  Windows is in NORMAL mode.
[01/25/2006, 14:24:21] - Searching for Browser Helper Objects:
[01/25/2006, 14:24:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/25/2006, 14:24:21] -  BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[01/25/2006, 14:24:21] -  BHO 3: {83A5F7B7-DC75-44CE-9195-264F41709FA9} (ATLDistrib Object)
[01/25/2006, 14:24:21] - ALERT: Found ATLDistrib Object!
[01/25/2006, 14:24:21] -  BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/25/2006, 14:24:21] -  BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/25/2006, 14:24:21] - Finished Searching Browser Helper Objects
[01/25/2006, 14:24:21] - *** Detected ATLDistrib Object
[01/25/2006, 14:24:21] - Trying to remove ATLDistrib Object...
[01/25/2006, 14:24:22] -    Terminating Process: IEXPLORE.EXE
[01/25/2006, 14:24:23] -    Terminating Process: RUNDLL32.EXE
[01/25/2006, 14:24:23] -    Disabling Automatic Shell Restart
[01/25/2006, 14:24:23] -    Terminating Process: EXPLORER.EXE
[01/25/2006, 14:24:23] -    Suspending the NT Session Manager System Service
[01/25/2006, 14:24:23] -    Terminating Windows NT Logon/Logoff Manager
[01/25/2006, 14:24:24] -    Re-enabling Automatic Shell Restart
[01/25/2006, 14:24:24] -  File to disable: C:\WINDOWS\system32\sstuu.dll
[01/25/2006, 14:24:24] -  Renaming C:\WINDOWS\system32\sstuu.dll -> C:\WINDOWS\system32\sstuu.dll.vir
[01/25/2006, 14:24:24] - ! File rename was unsucessful.
[01/25/2006, 14:24:24] -  Attempting to Deny Access to C:\WINDOWS\system32\sstuu.dll
[01/25/2006, 14:24:24] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/25/2006, 14:24:24] -  ERROR: Der blev ikke udført nogen afbildning mellem kontonavne og sikkerheds-id.

[01/25/2006, 14:24:24] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/25/2006, 14:24:24] -  Removing HKLM\...\Browser Helper Objects\{83A5F7B7-DC75-44CE-9195-264F41709FA9}
[01/25/2006, 14:24:24] -  Removing HKCR\CLSID\{83A5F7B7-DC75-44CE-9195-264F41709FA9}
[01/25/2006, 14:24:24] -  Adding Kill Bit for ActiveX for GUID: {83A5F7B7-DC75-44CE-9195-264F41709FA9}
[01/25/2006, 14:24:25] -  Deleting ATLEvents/MSEvents Registry entries
[01/25/2006, 14:24:25] -  Removing HKLM\...\Winlogon\Notify\sstuu
[01/25/2006, 14:24:25] - Searching for Browser Helper Objects:
[01/25/2006, 14:24:25] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/25/2006, 14:24:25] -  BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[01/25/2006, 14:24:25] -  BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/25/2006, 14:24:25] -  BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/25/2006, 14:24:25] - Finished Searching Browser Helper Objects
[01/25/2006, 14:24:25] - Finishing up...
[01/25/2006, 14:24:25] - A restart is needed.
[01/25/2006, 14:24:28] - Attempting to Restart via STOP error (Blue Screen!)

[01/25/2006, 14:31:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\AnhDu Vu\Skrivebord\VirtumundoBeGone.exe" )
[01/25/2006, 14:31:18] - Detected System Information:
[01/25/2006, 14:31:18] -  Windows Version: 5.1.2600, Service Pack 2
[01/25/2006, 14:31:18] -  Current Username: AnhDu Vu (Admin)
[01/25/2006, 14:31:18] -  Windows is in NORMAL mode.
[01/25/2006, 14:31:18] - Searching for Browser Helper Objects:
[01/25/2006, 14:31:18] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/25/2006, 14:31:19] -  BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[01/25/2006, 14:31:19] -  BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/25/2006, 14:31:19] -  BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/25/2006, 14:31:19] - Finished Searching Browser Helper Objects
[01/25/2006, 14:31:19] - Finishing up...
[01/25/2006, 14:31:19] - Nothing found! Exiting...

Den nye hijack:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AnhDu Vu\Skrivebord\hijackthis\hijackthis.exe
C:\Programmer\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede ejvindh Ekspert
25. januar 2006 - 20:11 #5
Angående Rbkiller så er det helt i orden. Jeg var også lidt i tvivl om, om du havde den infektion, som den gælder for. Prøv så lige at uploade en fil her:
http://virusscan.jotti.org/
Klik på Gennemse, klik dig så frem til C:\WINDOWS\system32\drivers\Icon.exe og klik så Submit.

Så kommer der et resultat, som du gerne må paste herind.

Derudover ser det ud til at det lykkedes at få den værste infektion væk :-)

Jeg synes lige du skal fixe denne linie med HJT også (det er vist ikke decideret skidt, men snarere en joke/et irritationsmoment):
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe

Slet herefter mappen:
C:\apps\ClickMe\

Genstart, og check at linien er væk fra HJT-loggen. Hvordan kører computeren nu?
Avatar billede babyboy Nybegynder
25. januar 2006 - 22:44 #6
sådan..og jo:

Service load:  0%        100% 

File:  Icon.exe 
Status:  OK 
MD5  49d568d4c78b56e0d1bb156414dbc649 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
 
min computer virker en del bedre nu... men jeg har stadig det store problem men min msn... det bliver ved med at afbryde min forbindelse hvor den så tæller ned i ca. 30 sekunder at den logger på igen. hmm...
Avatar billede ejvindh Ekspert
26. januar 2006 - 09:32 #7
Ok, icon.exe var ren. Så tror jeg vi kan konkludere at din pc er ren. Der er mange der rapporterer om ustabilitet fra msn i øjeblikket. Jeg tror det ligger på udbyderens side.

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser denne artikel om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
Avatar billede babyboy Nybegynder
26. januar 2006 - 09:35 #8
mange tak for hjælpen:)
Avatar billede ejvindh Ekspert
26. januar 2006 - 09:39 #9
Det var så lidt. Jeg takker for point :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed 5 17/03/202610:32 18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed 6 02/02/202614:54 03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed 4 13/01/202617:27 14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed 4 13/11/202515:09 14/11/202510:45
Google fake Af johp i Andet sikkerhed 3 27/10/202516:31 28/10/202506:52
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 10:22 Makro der gemmer vedhæftet fil fra Msg og omdøber filen Af lokesa i Excel
I går 13:45 Kablet forbindelse mellem android telefon og windows 11 pc Af 1Dorte i Android
I går 12:04 Elementtype vises - og ikke billedet? Af hkprofil i Billedbehandling
29/0312:08 Problemer med replay af købte kursusvideoer Af annam i Browsere
28/0311:18 DENVER DVB-tMPEG-4 HD TUNER Af ole falsted i Fjernsyn & projektorer
White papers
Flere white papers »