sil1andk (Beginner)
25 April 2006 - 09:04 There are 9 comments and 1 solution

Help, I have a virus - HijackThis log attached

I'm running something called F-Scan secure, and it says I have a number of trojans etc.

So I'm looking for a clean computer ;)

Logfile of HijackThis v1.99.1
Scan saved at 09:01:40, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rcmdsvc.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\ProgramFiles\NokiaSuite66\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Simon\Apps\Gmail Notifier\gnotify.exe
D:\MsgPlus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\TRUST\Bluetooth Software\BTTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Simon\DataStudio\PASPortal.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\ProgramFiles\NokiaSuite\ConnMngmntBox.exe
D:\ProgramFiles\NokiaSuite\ECTaskScheduler.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\PROGRA~1\NOKIAS~1\Elogerr.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
D:\PROGRA~1\NOKIAS~1\BROADC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\NOKIAS~1\SCRFS.exe
c:\windows\mousepad14.exe
C:\WINDOWS\explorer.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Documents and Settings\simon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://kom.aau.dk/proxy.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader 7.05\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\ProgramFiles\NokiaSuite66\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Simon\Apps\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] D:\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard14.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad14.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname14.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kiok] C:\Program Files\Common Files\kiok\kiokm.exe
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: logon-komsoft.lnk = C:\WINDOWS\sysprep\logon-komsoft.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader 7.05\Reader\reader_sl.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Program Files\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: PASPortal.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = D:\ProgramFiles\NokiaSuite\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = D:\ProgramFiles\NokiaSuite\ECTaskScheduler.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/aatg/links/Fronter_oes_prj.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092653025872
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.coolfm.org/webcam/nsvplayx_vp3_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\Software\..\Telephony: DomainName = kom.auc.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kom.auc.dk
O18 - Protocol: msnim - 0 - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\aameter.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
tonnybrandt (Beginner)
25 April 2006 - 09:05 #1
I'll take a look at it ..
sil1andk (Beginner)
25 April 2006 - 09:11 #2
Great
tonnybrandt (Beginner)
25 April 2006 - 09:13 #3
Download these two programs:
http://cexx.org/lspfix.zip
http://danborg.org/spy/Newnet/winsockxpfix.exe

Go to Add/Remove Programs in the Control Panel and uninstall these programs:

Webhancer
Messenger Plus3

If you lost your network connection when you uninstalled those 2 programs, you can restore it with the 2 programs you downloaded earlier. In that case, follow these instructions:
--------------
First run LSPfix, tick "I know what I am doing", click Finish, reboot, and check whether the internet works.
If it doesn't, try WinsockFix: first click Reg-Backup and save a copy of your registry; when that is done, click Fix; when it finishes, reboot and you should be able to get online again.
--------------

Then we continue with 2 scanners to clear out what can't be seen in the log ...

Download this scanner:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start SUPERAntiSpyware, click Check for updates; once it is updated, close the program and reboot into Safe Mode.

Double-click drweb-cureit.exe; it will want to run an express scan, say yes to that.
When it says Done in the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive(s) you want scanned; a red dot appears to show that they are selected.

Then click the green arrow on the right-hand side of the window, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove whatever it finds.
Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with:
Scan statistics.

Start SUPERAntiSpyware, click Scan your Computer, tick the drives to be scanned.
(Fixed disk means hard disk)
Move the radio button to Perform complete scan and click Next; the scan runs.

When it finishes, a window with a summary appears; click OK, then Next, then Finish.

A window with Quarantine and removal Complete appears; click OK, then Finish.
Close the program.

Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window; it opens in Notepad; copy the result in here.

We also need to see a fresh HijackThis log.
sil1andk (Beginner)
25 April 2006 - 09:18 #4
I'll look into it. I'll be back ;)
sil1andk (Beginner)
25 April 2006 - 10:50 #5
That was quite a job. It took 20 min to scan for spyware alone.
I could get a log out of Dr.Web.

SUPERAntiSpyware Scan Log
Generated 04/25/2006 at 10:34 AM

Core Rules Database Version : 2892
Trace Rules Database Version: 1037

Memory threats detected  : 1
Registry threats detected : 25
File threats detected    : 82

Adware.NicTech Networks
    C:\WINDOWS\SYSTEM32\GUARD.TMP
    C:\WINDOWS\SYSTEM32\GUARD.TMP
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\17VFL5GY\Installer[1].exe
    C:\Installer.exe

Trojan.WinSysBan
    [keyboard] C:\windows\keyboard14.exe
    C:\windows\keyboard14.exe
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\32SZJD41\keyboard14[1].exe
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\32SZJD41\mousepad14[1].exe

Trojan.ZQuest
    HKLM\Software\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32#ThreadingModel
    C:\WINDOWS\DH.dll

Remote Administrator
    HKLM\System\ControlSet001\Services\r_server
    C:\WINDOWS\system32\r_server.exe
    HKLM\System\ControlSet002\Services\r_server
    HKLM\System\CurrentControlSet\Services\r_server
    C:\Documents and Settings\All Users\Start Menu\Programs\Remote Administrator v2.2\Settings for Remote Administrator server.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Remote Administrator v2.2\Start Remote Administrator server.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Remote Administrator v2.2\Stop Remote Administrator server.lnk
    C:\Program Files\Radmin\r_server.exe
    C:\WINDOWS\Prefetch\R_SERVER.EXE-0AD0EB14.pf
    C:\WINDOWS\Prefetch\R_SERVER.EXE-19F55FAC.pf

Adware.WebHancer
    HKLM\Software\WebHancer
    HKLM\Software\WebHancer#BaseDir
    HKLM\Software\WebHancer\CC
    HKLM\Software\WebHancer\CC#DistTag
    HKLM\Software\WebHancer\CC#id
    C:\Program Files\WEBHANCER\Programs\whAgent.ini
    C:\Program Files\WEBHANCER\Programs
    C:\Program Files\WEBHANCER
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\32SZJD41\WHCC2[1].exe
    C:\WHCC2.exe

Adware.TargetSavers
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\8V57YU7T\stub_113_4_0_4_0[1].exe
    C:\Program Files\Common Files\kiok\kiokl.exe
    C:\Program Files\Common Files\kiok\kiokp.exe
    C:\stub_113_4_0_4_0.exe

Trojan.SmartLoad
    HKLM\Software\Microsoft\drsmartload2
    HKLM\Software\Microsoft\drsmartload2#Installed
    C:\drsmartload1.exe
    C:\WINDOWS\drsmartload2.dat

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-339396768-1354994151-2081424743-1022\Software\Microsoft\Internet Explorer\Main#Start Page [ http://www.findthewebsiteyouneed.com ]
    HKU\S-1-5-21-339396768-1354994151-2081424743-1022\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
    HKU\S-1-5-21-339396768-1354994151-2081424743-1022\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
    HKU\S-1-5-21-339396768-1354994151-2081424743-1022\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://searchbar.findthewebsiteyouneed.com ]
    HKU\S-1-5-21-339396768-1354994151-2081424743-1022\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.Tracking Cookie
    C:\Documents and Settings\bli\Cookies\bli@2o7[1].txt
    C:\Documents and Settings\bli\Cookies\bli@ad1.emediate[1].txt
    C:\Documents and Settings\bli\Cookies\bli@as1.falkag[2].txt
    C:\Documents and Settings\bli\Cookies\bli@atdmt[1].txt
    C:\Documents and Settings\bli\Cookies\bli@track.adform[2].txt
    C:\Documents and Settings\simon\Cookies\simon@2o7[2].txt
    C:\Documents and Settings\simon\Cookies\simon@ad.admarketplace[2].txt
    C:\Documents and Settings\simon\Cookies\simon@ad.adocean[2].txt
    C:\Documents and Settings\simon\Cookies\simon@ad.yieldmanager[2].txt
    C:\Documents and Settings\simon\Cookies\simon@ad1.clickhype[1].txt
    C:\Documents and Settings\simon\Cookies\simon@ads.arto[1].txt
    C:\Documents and Settings\simon\Cookies\simon@ads.cc214142[1].txt
    C:\Documents and Settings\simon\Cookies\simon@adserver.banneradministration[1].txt
    C:\Documents and Settings\simon\Cookies\simon@adtech[2].txt
    C:\Documents and Settings\simon\Cookies\simon@advertising[2].txt
    C:\Documents and Settings\simon\Cookies\simon@as-eu.falkag[2].txt
    C:\Documents and Settings\simon\Cookies\simon@as1.falkag[1].txt
    C:\Documents and Settings\simon\Cookies\simon@atdmt[2].txt
    C:\Documents and Settings\simon\Cookies\simon@belnk[2].txt
    C:\Documents and Settings\simon\Cookies\simon@dist.belnk[2].txt
    C:\Documents and Settings\simon\Cookies\simon@doubleclick[1].txt
    C:\Documents and Settings\simon\Cookies\simon@fastclick[1].txt
    C:\Documents and Settings\simon\Cookies\simon@hc2.humanclick[1].txt
    C:\Documents and Settings\simon\Cookies\simon@indextools[1].txt
    C:\Documents and Settings\simon\Cookies\simon@m1.webstats4u[1].txt
    C:\Documents and Settings\simon\Cookies\simon@mediaplex[1].txt
    C:\Documents and Settings\simon\Cookies\simon@partypoker[1].txt
    C:\Documents and Settings\simon\Cookies\simon@revenue[2].txt
    C:\Documents and Settings\simon\Cookies\simon@sel.as-eu.falkag[1].txt
    C:\Documents and Settings\simon\Cookies\simon@stat.onestat[2].txt
    C:\Documents and Settings\simon\Cookies\simon@statcounter[2].txt
    C:\Documents and Settings\simon\Cookies\simon@stats2[1].txt
    C:\Documents and Settings\simon\Cookies\simon@stats3[2].txt
    C:\Documents and Settings\simon\Cookies\simon@statse.webtrendslive[1].txt
    C:\Documents and Settings\simon\Cookies\simon@targetnet[1].txt
    C:\Documents and Settings\simon\Cookies\simon@track.adform[2].txt
    C:\Documents and Settings\simon\Cookies\simon@tradedoubler[2].txt
    C:\Documents and Settings\simon\Cookies\simon@tribalfusion[2].txt
    C:\Documents and Settings\simon\Cookies\simon@zedo[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\prepus3r@doubleclick[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\prepus3r@hitbox[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\prepus3r@phg.hitbox[1].txt

Trojan.DollarRevenue
    C:\Documents and Settings\simon\Desktop\Kaspersky_Anti_Virus_Personal_Pro_v5.14\crack.exe
    C:\Documents and Settings\simon\Local Settings\Temp\Rar$EX04.370\crack.exe
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\8V57YU7T\drsmartload46a[1].exe
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\YP7CH0JE\drsmartload45a[1].exe
    C:\drsmartload45a.exe
    C:\drsmartload46a.exe

TargetSaver, Inc. Process
    C:\Documents and Settings\simon\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
    C:\WINDOWS\system32\tsuninst.exe

Trojan.Unknown Origin
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\8V57YU7T\sk02[1].exe
    C:\WINDOWS\sk02.exe
    C:\WINDOWS\teller2.chk

Trojan.CmdService
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\YP7CH0JE\MTE3NDI6ODoxNg[1].exe
    C:\MTE3NDI6ODoxNg.exe

Trojan.GimmySmilies
    C:\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\YP7CH0JE\newname14[1].exe

BW2.COM Loader Application
    C:\WINDOWS\Temp\bw2.com



Logfile of HijackThis v1.99.1
Scan saved at 10:42:29, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\simon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://kom.aau.dk/proxy.php
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\ProgramFiles\NokiaSuite66\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Simon\Apps\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] D:\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kiok] C:\Program Files\Common Files\kiok\kiokm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: logon-komsoft.lnk = C:\WINDOWS\sysprep\logon-komsoft.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader 7.05\Reader\reader_sl.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Program Files\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: PASPortal.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = D:\ProgramFiles\NokiaSuite\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = D:\ProgramFiles\NokiaSuite\ECTaskScheduler.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/aatg/links/Fronter_oes_prj.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092653025872
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.coolfm.org/webcam/nsvplayx_vp3_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\Software\..\Telephony: DomainName = kom.auc.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kom.auc.dk
O18 - Protocol: msnim - 0 - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
sil1andk (Beginner)
25 April 2006 - 10:51 #6
EDIT:

I could NOT get a log out of Dr.Web
tonnybrandt (Beginner)
25 April 2006 - 11:01 #7
Impressive what the 2 scanners can do to an infected PC. There isn't much dirt left ...

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then delete the folders and files listed at the bottom.

O4 - HKCU\..\Run: [kiok] \kiokm.exe

---------------------------------------
Deletion of files and folders:
-------------------
Folders:
C:\Program Files\Common Files\kiok

Files:
<none>

Restart normally and post a new log for checking

It's OK that you couldn't find the log from drweb. We'll manage without it.
sil1andk (Beginner)
25 April 2006 - 11:12 #8
Fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:12, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rcmdsvc.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\ProgramFiles\NokiaSuite66\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Simon\Apps\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Adobe\Reader 7.05\Reader\reader_sl.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\TRUST\Bluetooth Software\BTTray.exe
D:\Simon\DataStudio\PASPortal.exe
D:\ProgramFiles\NokiaSuite\ConnMngmntBox.exe
D:\ProgramFiles\NokiaSuite\ECTaskScheduler.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\PROGRA~1\NOKIAS~1\Elogerr.exe
D:\PROGRA~1\NOKIAS~1\BROADC~1.EXE
D:\PROGRA~1\NOKIAS~1\SCRFS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\simon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://kom.aau.dk/proxy.php
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\ProgramFiles\NokiaSuite66\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Simon\Apps\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: logon-komsoft.lnk = C:\WINDOWS\sysprep\logon-komsoft.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader 7.05\Reader\reader_sl.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Program Files\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: PASPortal.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = D:\ProgramFiles\NokiaSuite\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = D:\ProgramFiles\NokiaSuite\ECTaskScheduler.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/aatg/links/Fronter_oes_prj.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092653025872
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.coolfm.org/webcam/nsvplayx_vp3_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\Software\..\Telephony: DomainName = kom.auc.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kom.auc.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kom.auc.dk
O18 - Protocol: msnim - 0 - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)



Would you recommend some software to protect against future attacks? Also a good firewall? Could it be Bullguard?
tonnybrandt (Beginner)
25 April 2006 - 12:03 #9
Sorry, something apparently went wrong when I did the last procedure.

All of these were left out:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

They need to be fixed in HijackThis

Restart and check in HijackThis that they are now gone. If they are, you don't need to send a new HijackThis log.

As for protecting the PC, I'd recommend you take a look at this security package:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

There are both paid and free products.
However, I would draw your attention to Windows Defender, which is free and offers an active shield, something no other free alternative offers. For that reason it's worth considering.
http://www.microsoft.com/athome/security/spyware/software/default.mspx

As for paid programs, I'm very happy with Super AntiSpyware Pro, which you've just tried, as it was the one used in the fix. Excellent program.
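As an added example (not code from this thread, from HijackThis, or from any poster), here is a small Python triage script that parses the "Xn - ..." entry lines of the logs posted above and flags the three kinds of entries the helper pointed at in #7 and #9: R0/R1 browser settings redirected to the findthewebsiteyouneed.com hijacker domain, O4 autostart entries whose command is not an ordinary path (like the [kiok] \kiokm.exe line fixed in #7), and O23 services whose binary HijackThis reports as "(file missing)". The sample input is built from lines copied out of the posted logs; the HIJACKER_HOSTS set, the "suspicious autostart" rule and all function names are my own assumptions, not part of any tool.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example for this thread; it is not code from HijackThis or from any
poster. It flags R0/R1 browser settings on a hijacker host, O4 autostart
commands that are not ordinary paths, and O23 services marked (file missing).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: hosts treated as hijackers. The only one here is the domain the
# poster's browser settings were redirected to in the posted log.
HIJACKER_HOSTS = {"findthewebsiteyouneed.com"}

# Entry lines look like "R1 - <body>" or "O23 - <body>"; the header and the
# "Running processes" list have no such prefix and are skipped.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"(?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")


@dataclass
class Entry:
    section: str  # e.g. "R1", "O4", "O23"
    body: str     # everything after "Xn - "


def parse_log(text: str) -> list[Entry]:
    """Return the structured entries of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def _host_of(url: str) -> str:
    m = re.match(r"https?://([^/\s]+)", url)
    return m.group(1).lower() if m else ""


def is_hijacked_browser_setting(e: Entry) -> bool:
    """R0/R1 whose value is a URL on a hijacker host or one of its subdomains."""
    if e.section not in ("R0", "R1") or " = " not in e.body:
        return False
    host = _host_of(e.body.split(" = ", 1)[1])
    return any(host == h or host.endswith("." + h) for h in HIJACKER_HOSTS)


def is_suspicious_autostart(e: Entry) -> bool:
    """O4 Run entry whose command is neither a drive-letter path nor a bare
    executable name, so a root-relative path like the [kiok] entry is flagged."""
    if e.section != "O4":
        return False
    m = O4_RE.match(e.body)
    if not m:
        return False
    cmd = m.group("cmd").strip().strip('"')
    drive_path = re.match(r"^[A-Za-z]:\\", cmd)
    bare_exe = re.match(r"^[\w.-]+\.(exe|cpl)\b", cmd, re.IGNORECASE)
    return not (drive_path or bare_exe)


def is_missing_service_binary(e: Entry) -> bool:
    """O23 service whose executable HijackThis could not find on disk."""
    return e.section == "O23" and e.body.endswith("(file missing)")


def triage(text: str) -> dict[str, list[str]]:
    """Group the entries a reviewer should look at first, keyed by finding."""
    findings: dict[str, list[str]] = {
        "hijacked_browser_setting": [],
        "suspicious_autostart": [],
        "missing_service_binary": [],
    }
    for e in parse_log(text):
        line = f"{e.section} - {e.body}"
        if is_hijacked_browser_setting(e):
            findings["hijacked_browser_setting"].append(line)
        if is_suspicious_autostart(e):
            findings["suspicious_autostart"].append(line)
        if is_missing_service_binary(e):
            findings["missing_service_binary"].append(line)
    return findings


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://kom.aau.dk/proxy.php
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [kiok] \kiokm.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
"""

if __name__ == "__main__":
    for kind, lines in triage(SAMPLE_LOG).items():
        print(f"== {kind} ({len(lines)})")
        for line in lines:
            print("   ", line)
```

Run it as a script to print the grouped findings, or import triage() and feed it a whole log. The "(file missing)" rule only says "look closer": in the posted logs the helper did not list either of those two services for removal, so a hit there means verify the service, not delete it. The same goes for the AutoConfigURL line, which points at the poster's own university proxy and is correctly left alone because its host is not in HIJACKER_HOSTS.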
tonnybrandt (Beginner)
25 April 2006 - 12:17 #10
Thanks for the points :)