kklm (Beginner)
20 September 2006 - 21:05 There are 11 comments and 2 solutions

MSN virus - help

Now I'll just see whether my PC has become clean.

The logs follow:

SUPERAntiSpyware Scan Log
Generated 09/20/2006 at 08:07 PM

Core Rules Database Version : 3088
Trace Rules Database Version: 1117

Memory threats detected  : 0
Registry threats detected : 106
File threats detected    : 66

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            20:59:35, 20-09-2006
+ Rapport-Checksum:        D3624707

+ Scanningsresultat:
    HKU\S-1-5-21-3440299655-2339784337-3428976307-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Renset med backup
    [204] C:\WINDOWS\system32\s6pulg7916.dll -> Adware.Look2Me : Fejl under renselse
    [708] C:\WINDOWS\system32\ocecli32.dll -> Adware.Look2Me : Fejl under renselse
    [844] C:\WINDOWS\system32\ocecli32.dll -> Adware.Look2Me : Fejl under renselse
    C:\Documents and Settings\Anne Hundebøl\Cookies\anne hundebøl@ads-205.quarterserver[1].txt -> TrackingCookie.Quarterserver : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Cookies\anne hundebøl@axa.addcontrol[2].txt -> TrackingCookie.Addcontrol : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Cookies\anne hundebøl@com[2].txt -> TrackingCookie.Com : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Cookies\anne hundebøl@targad[2].txt -> TrackingCookie.Targad : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\drsmartload1135a.#xe -> Downloader.Adload.fo : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Lokale indstillinger\Temp\temp.fr6AE4\MyToolBar.#ll -> Adware.Softomate : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Lokale indstillinger\Temporary Internet Files\Content.IE5\23MNS7QV\drsmartload1135a[1].#xe -> Downloader.Adload.fo : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Lokale indstillinger\Temporary Internet Files\Content.IE5\2JSHCXS1\sprY[1].exe -> Worm.VB.aj : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDWFYH0N\Installer[1].#xe -> Adware.Look2Me : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDWFYH0N\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : Renset med backup
    C:\Documents and Settings\Anne Hundebøl\sprY.exe -> Worm.VB.aj : Renset med backup
    C:\Documents and Settings\Lasse\Cookies\lasse@com[2].txt -> TrackingCookie.Com : Renset med backup
    C:\Programmer\Fælles filer\uueeocbt\somaptnp\lcobdtto.#xe -> Adware.Gator : Renset med backup
    C:\Programmer\Fælles filer\uueeocbt\unpatefloa\raoqdslfc.#xe -> Adware.Gator : Renset med backup
    C:\RECYCLER\S-1-5-21-3440299655-2339784337-3428976307-1006\Dc69.exe -> Worm.VB.aj : Renset med backup
    C:\RECYCLER\S-1-5-21-3440299655-2339784337-3428976307-1006\Dc72.#xe -> Adware.Look2Me : Renset med backup
    C:\RECYCLER\S-1-5-21-3440299655-2339784337-3428976307-1006\Dc73.#xe -> Adware.Look2Me : Renset med backup
    C:\RECYCLER\S-1-5-21-3440299655-2339784337-3428976307-1006\Dc74.exe -> Downloader.VB.ach : Renset med backup
    C:\WINDOWS\system32\3.exe/dev.exe -> Backdoor.Rbot.biz : Renset med backup
    C:\WINDOWS\system32\sprY.exe -> Worm.VB.aj : Renset med backup


::Rapport slut



Logfile of HijackThis v1.99.1
Scan saved at 21:12:34, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\MSN virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmer\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e7.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\ocecli32.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programmer\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe


Regards,
Lasse Andersen
nva (Trainee)
20 September 2006 - 21:33 #1
It is NOT clean:

O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e7.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe

But these malware programs are new to me, so wait until a real expert comes by ;-)
kklm (Beginner)
20 September 2006 - 21:41 #2
I have located those too - but offhand I can't see any more myself either
levich (Beginner)
20 September 2006 - 21:55 #3
Note these lines from the Ewido log:
[204] C:\WINDOWS\system32\s6pulg7916.dll -> Adware.Look2Me : Fejl under renselse
[708] C:\WINDOWS\system32\ocecli32.dll -> Adware.Look2Me : Fejl under renselse
[844] C:\WINDOWS\system32\ocecli32.dll -> Adware.Look2Me : Fejl under renselse

Suggests that the Look2me infection has not been removed.
kklm (Beginner)
20 September 2006 - 21:56 #4
Now the log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:22, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\MSN virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmer\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programmer\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
levich (Beginner)
20 September 2006 - 22:03 #5
That looks much better. What have you done since the previous HijackThis log?
kklm (Beginner)
21 September 2006 - 00:00 #6
Afterwards I ran Ad-aware and Spy-bot - they removed the last of the dirt - so I think the machine is clean now :)
kklm (Beginner)
21 September 2006 - 00:09 #7
I never got to use HJT at all in this process - since the two programs mentioned above removed the last of the dirt.

I have some experience with the various ways of removing this kind of thing - but without the guide Fromsej has made I would really have been lost.

A great deal has certainly happened when it comes to programs for removing spyware and worms. When I started out I just used the following programs:

SpywareBlaster
SpywareGuard
Ad-aware
Spy-Bot
AVG - antivirus
Kerio Firewall
Plus HJT if it was really bad

The new scanners just take an incredibly long time to scan through the whole PC - but are probably also more thorough.

Thanks for the help in any case. If you just post some answers - then we can hand out points :)
levich (Beginner)
21 September 2006 - 00:17 #8
answer
kklm (Beginner)
21 September 2006 - 00:20 #9
I'll wait until tomorrow to hand out points - in case "nva" should feel like answering :D
forevernewbie (Beginner)
21 September 2006 - 01:18 #10
I'd bet my hat that it is not clean. It drops a fair amount of junk that the scanners don't find yet and that doesn't show up in the log. Please try running this fix:


Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has rebooted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Post the log here.
nva (Trainee)
21 September 2006 - 07:53 #11
According to the log it is clean now, but you can still try forevernewbie's advice all the same. Better to run one cleaning too many than one too few.
kklm (Beginner)
21 September 2006 - 17:14 #12
The cleaning took place on an acquaintance's PC - I can try running that file at a later time - but my own assessment was that the computer was clean :)

In any case, thanks to all of you for the help!
forevernewbie (Beginner)
21 September 2006 - 18:55 #13
Totally fine.