Start page hijacked + odds and ends
I was unlucky enough to get my start page hijacked, and on top of that some spyware came along as well. I followed your incredibly good and clear guide at: http://www.eksperten.dk/artikler/954
The problem already seems to be solved. But you ask that people post the log files so that you can help further if needed. So here they come: (sorry, but they are incredibly long)
Logfile of HijackThis v1.99.1
Scan saved at 10:49:18, on 08-07-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Programmer\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Programmer\Trend Micro\PC-cillin 2003\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesper Bornø Jensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CJFJ2CTP\hijackthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmer\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - C:\WINDOWS\System32\jevtxpg.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Programmer\Trend Micro\PC-cillin 2003\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Programmer\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Programmer\Trend Micro\PC-cillin 2003\tmproxy.exe
Here comes DRWeb:
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 235
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2673 Kb/s
Scan time: 00:00:26
-----------------------------------------------------------------------------
[Scan path] C:\
C:\Documents and Settings\Jesper Bornø Jensen\NTUSER.DAT - read error
C:\Documents and Settings\Jesper Bornø Jensen\NTUSER~1.LOG - read error
C:\Documents and Settings\Jesper Bornø Jensen\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Jesper Bornø Jensen\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Jesper Bornø Jensen\Lokale indstillinger\Temp\temp.frCB3A infected with Trojan.Fakealert - deleted
>C:\Programmer\WinRAR\Dos.SFXC:\WINDOWS\system32\TFTP1460 infected with Win32.HLLW.Shepher - deleted
>>C:\WINDOWS\system32\components\flx5.dll infected with Trojan.Fakealert - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\system32\drivers\dtscsi.sys - read error
C:\WINDOWS\system32\drivers\sptd.sys - read error
C:\WINDOWS\system32\drivers\sptd2781.sys - read error
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 54552
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 3
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 996 Kb/s
Scan time: 00:22:07
-----------------------------------------------------------------------------
And HERE is SAS: (with the cookies removed, I didn't figure they meant anything)
SUPERAntiSpyware Scan Log
Generated 07/08/2006 at 10:40 AM
Core Rules Database Version : 3011
Trace Rules Database Version: 1080
Memory threats detected : 0
Registry threats detected : 19
File threats detected : 78
Malware.Safety Bar
HKLM\Software\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\Implemented Categories
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32
HKCR\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32#ThreadingModel
C:\Programmer\Safety Bar\Safety Bar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{052b12f7-86fa-4921-8482-26c42316b522}
HKU\S-1-5-21-57989841-492894223-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{052B12F7-86FA-4921-8482-26C42316B522}
Browser Hijacker.BestSafetyGuide
HKLM\Software\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}\InprocServer32
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}\InprocServer32#ThreadingModel
C:\WINDOWS\System32\ixt0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}
Registry Cleaner Trial
HKCR\CLSID\{78F951DB-9229-20AE-CA30-A3D89F43E7FD}
HKU\S-1-5-21-57989841-492894223-725345543-1003\Software\Registry Cleaner
HKU\S-1-5-21-57989841-492894223-725345543-1003\Software\SoftwareOnline.com
C:\Documents and Settings\Jesper Bornø Jensen\Application Data\Registry Cleaner\Regclean.ini
C:\Documents and Settings\Jesper Bornø Jensen\Application Data\Registry Cleaner
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
C:\Documents and Settings\Jesper Bornø Jensen\Foretrukne\Antivirus Test Online.url
Trojan.AtmClk
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#kernel32.dll [ C:\WINDOWS\System32\isnotify.exe ]
Malware.Notifier
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\Prefetch\ISHOST.EXE-011E5588.pf
C:\WINDOWS\Prefetch\ISMON.EXE-2D4D3EFC.pf
C:\WINDOWS\Prefetch\ISNOTIFY.EXE-31FF06B3.pf
C:\WINDOWS\Prefetch\ISSEARCH.EXE-208DA017.pf
Trojan.RUNDL32/System
C:\WINDOWS\system32\rundl32.exe
Sorry for the long post!
As I said, I don't know whether there is more to do, but I'm following the guide and posting it anyway!
Regards, Jesper
