Dr. Web, SUPERAntiSpyware and HijackThis
I just read this article, and this was the result. I hope someone is willing to take a look at it and can help me. http://www.eksperten.dk/artikler/954
Dr. web
Scan statistics
Objects scanned: 12
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1323 Kb/s
Scan time: 00:00:01
SUPERAntiSpyware Scan Log
Generated 05/01/2006 at 04:27 PM
Core Rules Database Version : 2906
Trace Rules Database Version: 1038
Memory threats detected : 0
Registry threats detected : 31
File threats detected : 33
Trojan.GimmySmilies
[newname] C:\windows\newname16.exe
C:\windows\newname16.exe
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\698N7SFC\newname16[1].exe
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\733CCY77\newname15[1].exe
C:\WINDOWS\newname15.exe
C:\WINDOWS\Prefetch\NEWNAME15.EXE-0564CA60.pf
Trojan.ZQuest
HKLM\Software\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32
HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32#ThreadingModel
C:\WINDOWS\DH.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6001CDF7-6F45-471b-A203-0225615E35A7}
Adware.Tracking Cookie
C:\Documents and Settings\Lasse\Cookies\lasse@adtech[1].txt
C:\Documents and Settings\Lasse\Cookies\lasse@mmm.media-motor[1].txt
C:\Documents and Settings\Lasse\Cookies\lasse@mediaplex[1].txt
C:\Documents and Settings\Lasse\Cookies\lasse@track.adform[2].txt
C:\Documents and Settings\Lasse\Cookies\lasse@www.popupsandbanners[2].txt
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt
C:\Documents and Settings\Sidse\Cookies\sidse@ad.yieldmanager[1].txt
C:\Documents and Settings\Sidse\Cookies\sidse@http.edge.vru4[2].txt
C:\Documents and Settings\Sidse\Cookies\sidse@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Sidse\Cookies\sidse@mmm.media-motor[2].txt
C:\Documents and Settings\Sidse\Cookies\sidse@toplist[1].txt
C:\Documents and Settings\Sidse\Cookies\sidse@www.popupsandbanners[2].txt
Adware.WebHancer
HKLM\Software\WebHancer
HKLM\Software\WebHancer#BaseDir
HKLM\Software\WebHancer\CC
HKLM\Software\WebHancer\CC#DistTag
HKLM\Software\WebHancer\CC#id
C:\Programmer\WEBHANCER\Programs\whAgent.ini
C:\Programmer\WEBHANCER\Programs
C:\Programmer\WEBHANCER
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\733CCY77\WHCC2[1].exe
C:\WHCC2.exe
Adware.Director
HKU\.DEFAULT\Software\Director
HKU\S-1-5-18\Software\Director
Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed
C:\WINDOWS\drsmartload2.dat
Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#Start Page [ http://www.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main#Start Page [ http://www.findthewebsiteyouneed.com ]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1409082233-2111687655-1957994488-1004\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1409082233-2111687655-1957994488-1004\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1409082233-2111687655-1957994488-1004\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://searchbar.findthewebsiteyouneed.com ]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1409082233-2111687655-1957994488-1004\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
Trojan.MC Downloader Variant
C:\Documents and Settings\Lasse\DoctorWeb\Quarantine\mc-110-12-0000336.exe
Trojan.Unknown Origin
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\733CCY77\sk02[1].exe
C:\WINDOWS\teller2.chk
Trojan.DollarRevenue
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\8IU3KO4H\drsmartload45a[1].exe
C:\RECYCLER\S-1-5-21-1409082233-2111687655-1957994488-1004\Dc4.exe
C:\WINDOWS\drsmartload45a.#xe
Adware.Unknown Origin
C:\WINDOWS\system32\ad.html
Unclassified.Unknown Origin/System
C:\WINDOWS\system32\winocx.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:39:44, on 1-05-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\windows\mousepad16.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Lasse\Dokumenter\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.the-click.info/mediam.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {10715114-DCCC-4214-A241-E15A93FBC4FA} - \
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad16.exe
O4 - HKLM\..\Run: [WinFix service] faomlxgi.exe
O4 - HKLM\..\Run: [dll services] fvbzohgvd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [WinFix service] faomlxgi.exe
O4 - HKLM\..\RunServices: [dll services] fvbzohgvd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146412864341
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows System Tray - Unknown owner - C:\WINDOWS\systay.exe (file missing)
