chrolle Beginner
16 March 2006 - 09:44 There are 5 comments and 1 solution

Log file for HijackThis

Hi, I was told this was the place to get help with this. So can anyone see what shouldn't be on my computer?

Logfile of HijackThis v1.99.1
Scan saved at 09:41:09, on 16-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Apoint\Apntex.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\C Technologies\C-Pen 20\CPen20.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\C Technologies\C-Pen 20\VeOCRApp.exe
C:\Programmer\C Technologies\C-Pen 20\CPenDesk.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\OpenSSH\bin\cygrunsrv.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmer\OpenSSH\usr\sbin\sshd.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programmer\Opera\Opera.exe
C:\Documents and Settings\Computer\Dokumenter\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.c2h5oh.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.c2h5oh.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programmer\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programmer\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Programmer\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - Global Startup: C-Pen 20.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\mvj4l91q1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Programmer\OpenSSH\bin\cygrunsrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
kalp Novice
16 March 2006 - 09:59 #1
Looking at it.
kalp Novice
16 March 2006 - 10:06 #2
Download Look2Me-Destroyer from here and save it to your desktop.
http://www.atribune.org/ccount/click.php?id=7

Close all programs completely so that you can only see your desktop.

Double-click Look2Me-Destroyer and tick >>Run this program as a task<<. Click OK on the message saying that Look2Me will close and reopen by itself after 10 seconds.

When you can see Look2Me again, click >>Scan for L2M<<.
If you have icons on your desktop, they will temporarily disappear.

Now press >>Remove L2M<< and press OK when you get the message >>Done scanning<<.

When the program has finished it will restart your computer; let it do so.
Once you are back in Windows, find the file C:\Look2Me-Destroyer.txt and copy its contents in here,

along with a new log from HijackThis.
chrolle Beginner
16 March 2006 - 14:24 #3
Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 16-03-2006 13:18:02

Infected! C:\WINDOWS\system32\mvj4l91q1.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021004.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021005.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021083.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021084.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP115\A0022139.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP116\A0022208.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022261.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022284.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022306.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022328.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022417.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022473.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022500.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022516.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022537.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022559.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022566.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022617.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022629.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022714.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022719.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022723.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022749.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022775.dll
Infected! C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0026419.dll
Infected! C:\WINDOWS\system32\hricons.dll
Infected! C:\WINDOWS\system32\i2jq0c15ef.dll
Infected! C:\WINDOWS\system32\imfxdev.dll
Infected! C:\WINDOWS\system32\mkltus40.dll
Infected! C:\WINDOWS\system32\mqcorier.dll
Infected! C:\WINDOWS\system32\mxcat32.dll
Infected! C:\WINDOWS\system32\skell32.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\mvj4l91q1.dll
C:\WINDOWS\system32\mvj4l91q1.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021004.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021004.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021005.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP111\A0021005.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021083.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021083.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021084.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP112\A0021084.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP115\A0022139.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP115\A0022139.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP116\A0022208.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP116\A0022208.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022261.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022261.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022284.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP117\A0022284.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022306.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022306.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022328.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0022328.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022417.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022417.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022473.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP119\A0022473.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022500.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022500.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022516.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022516.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022537.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP120\A0022537.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022559.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022559.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022566.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0022566.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022617.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022617.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022629.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP122\A0022629.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022714.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022714.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022719.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022719.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022723.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022723.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022749.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022749.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022775.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0022775.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0026419.dll
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP123\A0026419.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\hricons.dll
C:\WINDOWS\system32\hricons.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\i2jq0c15ef.dll
C:\WINDOWS\system32\i2jq0c15ef.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\imfxdev.dll
C:\WINDOWS\system32\imfxdev.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mkltus40.dll
C:\WINDOWS\system32\mkltus40.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mqcorier.dll
C:\WINDOWS\system32\mqcorier.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mxcat32.dll
C:\WINDOWS\system32\mxcat32.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\skell32.dll
C:\WINDOWS\system32\skell32.dll could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9A6F2D33-46D4-4CE5-A33D-746E970F9350}"
HKCR\Clsid\{9A6F2D33-46D4-4CE5-A33D-746E970F9350}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BFBB16FA-90AA-420B-A4A5-8390E1BE5FED}"
HKCR\Clsid\{BFBB16FA-90AA-420B-A4A5-8390E1BE5FED}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C02805BD-5DD8-4757-AC4D-71438149AB71}"
HKCR\Clsid\{C02805BD-5DD8-4757-AC4D-71438149AB71}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1FA1A245-6A71-42F6-AE05-46C05D542A58}"
HKCR\Clsid\{1FA1A245-6A71-42F6-AE05-46C05D542A58}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3A73E95B-8990-4207-A3AE-D3696B6E19F9}"
HKCR\Clsid\{3A73E95B-8990-4207-A3AE-D3696B6E19F9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{41EBCA18-B3C4-4F2E-A048-5836572908FF}"
HKCR\Clsid\{41EBCA18-B3C4-4F2E-A048-5836572908FF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FC0D522B-9FED-42F6-AECD-5387555ED583}"
HKCR\Clsid\{FC0D522B-9FED-42F6-AECD-5387555ED583}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer - Succeeded



Logfile of HijackThis v1.99.1
Scan saved at 14:24:25, on 16-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Notebook Hardware Control\nhc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\C Technologies\C-Pen 20\CPen20.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\C Technologies\C-Pen 20\VeOCRApp.exe
C:\Programmer\C Technologies\C-Pen 20\CPenDesk.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
C:\Programmer\OpenSSH\bin\cygrunsrv.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\OpenSSH\usr\sbin\sshd.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmer\Opera\Opera.exe
C:\Documents and Settings\Computer\Skrivebord\Chrølle's FTP\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.c2h5oh.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.c2h5oh.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programmer\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programmer\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Programmer\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - Global Startup: C-Pen 20.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Programmer\OpenSSH\bin\cygrunsrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
kalp Novice
16 March 2006 - 14:44 #4
The HJT log came out fine, but I don't think L2M ran as it should.

Did you run it in normal mode with everything else closed?

In any case, feel free to run it again, and I'll check back later as I have to go now.
chrolle Beginner
17 March 2006 - 09:19 #5
Thanks for the help. I haven't had any pop-ups for the last 12 hours, so I assume it's fine then...

I don't know how to give you those points, but just tell me how and you'll get them...

And thanks once again.
kalp Novice
17 March 2006 - 09:36 #6
I'll just post an answer so you can give me points :)
Now you can select my username all the way down in the left corner and press accept answer.

I don't know whether you ran L2M again, but I'd recommend that you do, even though your machine appears to be clean.

Also turn off System Restore.. restart and turn it back on, because then we can be sure nothing is hiding there :)