peras180 Beginner
19 April 2007 - 22:04 There are 26 comments and 1 solution

HJT log file, HELP!!

hi...
I accidentally installed something nasty on my computer, so now it's going completely berserk... isn't there a kind soul who would skim through my HijackThis log file? It would really be a big help...

Thanks in advance, Peter.
fromsej Trainee
19 April 2007 - 22:13 #1
Just post it, and we'll check it.

(If it comes quickly, I'll take the first round, but someone else will have to finish, as I'm going offline for about a month)
peras180 Beginner
19 April 2007 - 22:20 #2
Logfile of HijackThis v1.99.1
Scan saved at 21:59:13, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Video AX Object\bpmon.exe
C:\Programmer\Video AX Object\smmain.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Video AX Object\bpmini.exe
C:\Programmer\Video AX Object\smmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\Ny mappe\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Programmer\Video AX Object\bpvol.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
fromsej Trainee
19 April 2007 - 22:24 #3
-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

Note: The file "process.exe" included in this tool is identified by some antivirus programs as "RiskTool". There is nothing to it, though!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.

-- Restart and post a fresh HijackThis log here, together with the log from SmitfraudFix (C:\rapport.txt).

Info for whoever takes over the rest:
There is Newdotnet in the log, so remember LSPfix.
peras180 Beginner
19 April 2007 - 22:43 #4
SmitFraudFix v2.171

Scan done at 22:40:08,42, 19-04-2007
Run from C:\Documents and Settings\$-peter's private-$\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"

[HKEY_CLASSES_ROOT\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\czxtyx.dll Deleted
C:\DOCUME~1\ALLUSE~1\MENUEN~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\MENUEN~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\$-PETE~1\FORETR~1\Online Security Test.url Deleted
C:\Programmer\SpywareLocked 3.5\ Deleted
C:\Programmer\Video AX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11g Netværkskort - Miniport til Packet Scheduler
DNS Server Search Order: 193.162.153.164
DNS Server Search Order: 194.239.134.83

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4AFB2CF-4FA2-469A-8330-4EF3920A846F}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4AFB2CF-4FA2-469A-8330-4EF3920A846F}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4AFB2CF-4FA2-469A-8330-4EF3920A846F}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
fromsej Trainee
19 April 2007 - 22:45 #5
Then a fresh HijackThis log.
peras180 Beginner
19 April 2007 - 22:49 #6
Logfile of HijackThis v1.99.1
Scan saved at 22:45:34, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\Ny mappe\hjt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
peras180 Beginner
19 April 2007 - 22:50 #7
it has actually disappeared now... and my computer works normally.... but can you see whether there is any other dirt left?
fromsej Trainee
19 April 2007 - 22:56 #8
That helped a lot, but we just need to get the last bits too.

Download Crapcleaner here:
http://www.filehippo.com/download_ccleaner/
---------------------------------------
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program, click Check for updates, and when it has been updated, close the program; you should not scan yet.
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), delete the files and folders listed below, run SAS.

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

---------------------------------------
Deleting \folders\ and files:
Open Windows Explorer, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
-------------------
Folders:
C:\Programmer\NewDotNet\
-------------------
Files:
None
---------------------------------------
Start SuperAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard drive)
Move the radio button to Perform complete scan and click Next, and the scan will run.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window with Quarantine and removal Complete appears; click OK, click Finish.
Close the program, restart normally.
---------------------------------------
Install Crapcleaner; remember to untick the box for installing the Yahoo toolbar.
Start the program, untick cookies.
Click Run Cleaner and let it remove what it finds.
Then click Issues on the left side (the blue cube), click Scan for Issues, and when it has finished, click Fix selected issues, optionally make a backup of the registry, then click Fix All Selected Issues.
Click OK, click Close when it has finished.
---------------------------------------
Restart and check whether your network connection works; if it doesn't, start SuperAntiSpyware again, click Preferences, switch to the Repairs tab, click Repair broken network connection(Winsock LSP chain), then click Perform Repair, and restart when it asks you to.
---------------------------------------
Start SuperAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window, it opens in Notepad, and copy the result in here.
We also need to see a fresh HijackThis log.
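Added example, not part of the thread or of any tool used in it: a small Python parser for HijackThis result lines that diffs the two scans posted above (#2 and #6) and picks out the kind of entries ticked in post #8. The names `parse_hjt`, `diff_scans`, `orphaned` and `mentioning` are hypothetical, and the embedded logs are shortened excerpts of the ones in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# A HijackThis result line is a section code (e.g. R0, O2, O23), " - ", then free text.
# Header lines and the "Running processes" paths do not match and are skipped.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Shortened excerpts of the two logs posted in this thread (#2 before, #6 after).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:59:13, on 19-04-2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\Video AX Object\bpmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Programmer\Video AX Object\bpvol.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:45:34, on 19-04-2007

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
"""


def parse_hjt(log_text):
    """Return the set of result entries in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2)))
    return entries


def diff_scans(before, after):
    """Return (removed, added): entries only in the first scan, entries only in the second."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    return sorted(e for e in entries if e.text.endswith("(no file)"))


def mentioning(entries, needle):
    """Entries whose text contains needle, case-insensitively (also hits 8.3 short names)."""
    needle = needle.lower()
    return sorted(e for e in entries if needle in e.text.lower())


if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    print("Gone after the SmitfraudFix run:")
    for e in removed:
        print("  %s - %s" % (e.code, e.text))
    print("New since the first scan: %d" % len(added))

    remaining = parse_hjt(AFTER)
    # In these excerpts, the orphaned BHO plus the NewDotNet entries are the
    # three lines listed for "Fix checked" in post #8.
    print("Still present and worth a second look:")
    for e in sorted(set(orphaned(remaining)) | set(mentioning(remaining, "newdot"))):
        print("  %s - %s" % (e.code, e.text))
```

Run on the full logs instead of the excerpts, the same diff shows every entry that disappeared between the two scans, which is a quick way to confirm what a cleanup tool actually changed.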
fromsej Trainee
19 April 2007 - 23:00 #9
I just checked your profile; you're completely new here, so welcome to Eksperten. :-)
Here is a guide to using this fantastic forum, so you get the most out of it.
http://expfaq.dk/
fromsej Trainee
19 April 2007 - 23:25 #10
Ejvindh will take over from here, but there shouldn't be anything more to find.
I'll look in again in about a month. :-)
peras180 Beginner
19 April 2007 - 23:30 #11
I'm scanning with SAS now... it's finding quite a lot of dirt
ejvindh Expert
19 April 2007 - 23:52 #12
I'll take a look at it when the scan has finished *S*
peras180 Beginner
20 April 2007 - 00:03 #13
SUPERAntiSpyware Scan Log
Generated 04/19/2007 at 11:48 PM

Application Version : 3.5.1016

Core Rules Database Version : 3221
Trace Rules Database Version: 1231

Scan type      : Complete Scan
Total Scan Time : 00:22:27

Memory items scanned      : 219
Memory threats detected  : 0
Registry items scanned    : 4588
Registry threats detected : 120
File items scanned        : 46496
File threats detected    : 221

Adware.Tracking Cookie
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@ads.gamers-globe[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@www.searchadnetwork[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@mb[6].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@www.ppctracking[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@rotator.adjuggler[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@questionmarket[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@adidm.supermedia[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@dk.drivecleaner[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@adserv.muchosucko[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@adserver.adreactor[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@sexdebut[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@ad.ofir[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@ad[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@1068164036[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@cgi-bin[3].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@www.free-sex-sexy-gallery[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@www.spylocked[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@ads2.techno4ever[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@malwarewiped[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@as-eu.falkag[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@tradedoubler[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@atdmt[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@ad.yieldmanager[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@advertising[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@ads.arto[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@tradedoubler[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@adtech[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@track.adform[3].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@track.adform[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@doubleclick[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@adopt.hbmediapro[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@fastclick[1].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@adbrite[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@casalemedia[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@clicktorrent[2].txt
    C:\Documents and Settings\$-peter's private-$\Lokale indstillinger\Temp\Cookies\$-peter's private-$@clicklab.pctools[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@adsense[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@adbrite[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@toplist_porno[1].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@toplist_porno[3].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@m1.webstats4u[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@e2.emediate[2].txt
    C:\Documents and Settings\$-peter's private-$\Cookies\$-peter's private-$@track.adform[2].txt

Adware.Mirar/NetNucleus
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    C:\WINDOWS\MIRAR_DISTRO_876260.EXE
    C:\RECYCLED\DC2165.EXE

Adware.Zango Toolbar
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}#AppID
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\InprocServer32
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\InprocServer32#ThreadingModel
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\ProgID
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\Programmable
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\TypeLib
    HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\VersionIndependentProgID

Adware.180solutions/ZangoSearch
    HKLM\Software\Zango Programs
    HKLM\Software\Zango Programs\Zango Toolbar
    HKLM\Software\Zango Programs\Zango Toolbar#ToolbarMoved
    HKLM\Software\Zango Programs\Zango Toolbar#SearchURL
    HKLM\Software\Zango Programs\Zango Toolbar#UpdateDate
    HKLM\Software\Zango Programs\Zango Toolbar\History
    HKCR\ZangoToolbar.ZCToolBand
    HKCR\ZangoToolbar.ZCToolBand\CLSID
    HKCR\ZangoToolbar.ZCToolBand\CurVer
    HKCR\ZangoToolbar.ZCToolBand.1
    HKCR\ZangoToolbar.ZCToolBand.1\CLSID
    HKCR\AppId\ZangoToolbar.DLL
    HKCR\AppId\ZangoToolbar.DLL#AppID
    HKCR\AppId\{F1F040D5-E8F8-4680-B101-9334E9773841}
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\0
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\0\win32
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\FLAGS
    HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\HELPDIR
    HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}
    HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid
    HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid32
    HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib
    HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib#Version

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKCR\WAP6.PCheck
    HKCR\WAP6.PCheck\CLSID
    HKCR\WAP6.PCheck\CurVer
    HKCR\WAP6.PCheck.1
    HKCR\WAP6.PCheck.1\CLSID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
    HKU\S-1-5-21-2539257088-1361317194-4241001221-1005\Software\WinAntiVirus Pro 2006
    C:\WINDOWS\system32\stera.job
    C:\Programmer\WinAntiVirus Pro 2006\history.db
    C:\Programmer\WinAntiVirus Pro 2006
    C:\Documents and Settings\$-peter's private-$\Application Data\WinAntiVirus Pro 2006\Logs
    C:\Documents and Settings\$-peter's private-$\Application Data\WinAntiVirus Pro 2006

Trojan.NewDotNet
    HKCR\Tldctl2.URLLink
    HKCR\Tldctl2.URLLink\CLSID
    HKCR\Tldctl2.URLLink\CurVer
    HKCR\Tldctl2.URLLink.1
    HKCR\Tldctl2.URLLink.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLUpdateInfo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMajor
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMinor
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-21-2539257088-1361317194-4241001221-1005\Software\New.net
    HKU\S-1-5-18\Software\New.net
    HKLM\Software\New.net
    HKLM\Software\New.net#Activity
    HKLM\Software\New.net#InstalledVersion
    HKLM\Software\New.net#InstalledPath
    HKLM\Software\New.net#Tag
    HKLM\Software\New.net#DiscardTag
    HKLM\Software\New.net#FirstTime
    HKLM\Software\New.net#Source
    HKLM\Software\New.net#Prt
    HKLM\Software\New.net#LSPStatus
    HKLM\Software\New.net#NextUpgradeHi
    HKLM\Software\New.net#NextUpgradeLo
    HKLM\Software\New.net#UpgradeCounter
    HKLM\Software\New.net#Search
    HKLM\Software\New.net#Complete
    C:\Programmer\NewDotNet
    C:\WINDOWS\NDNUNINSTALL7_48.EXE
    C:\WINDOWS\NDNUNINSTALL7_22.EXE
    C:\WINDOWS\NDNUNINSTALL6_38.EXE
    C:\DOCUMENTS AND SETTINGS\$-PETER'S PRIVATE-$\SKRIVEBORD\NY MAPPE\BACKUPS\BACKUP-20070419-231430-410.DLL
    C:\RECYCLED\DC2205.DLL
    C:\RECYCLED\DC2207.EXE
    C:\RECYCLED\DC2208.EXE

Adware.Starware
    C:\Documents and Settings\$-peter's private-$\Application Data\Starware\Manager\ManagerOptions.xml
    C:\Documents and Settings\$-peter's private-$\Application Data\Starware\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\$-peter's private-$\Application Data\Starware\Manager
    C:\Documents and Settings\$-peter's private-$\Application Data\Starware

Trojan.Media-Codec/V2
    HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
    HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32
    HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel
    C:\DOCUMENTS AND SETTINGS\$-PETER'S PRIVATE-$\SKRIVEBORD\NY MAPPE\BACKUPS\BACKUP-20070418-223729-241.DLL
    C:\DOCUMENTS AND SETTINGS\$-PETER'S PRIVATE-$\SKRIVEBORD\NY MAPPE\BACKUPS\BACKUP-20070418-223937-331.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071625.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071635.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071645.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071658.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071662.DLL

Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\DOCUMENTS AND SETTINGS\$-PETER'S PRIVATE-$\LOKALE INDSTILLINGER\TEMP\NI.UWA6PK_0001_N73M1204\SETUP.EXE

Trojan.NewDotNet-Installer
    C:\PROGRAMMER\THEMEXP\THEMEXP.ORG FILE\NNWDAB638.EXE

RelevantKnowledge Spyware Component
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP153\A0061477.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP153\A0062467.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP153\A0062468.EXE

Trojan.SearchTool
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP153\A0062470.DLL

Trojan.Smitfraud Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP189\A0071654.DLL

Browser Hijacker.Favorites
    C:\RECYCLED\DC2199.URL
    C:\RECYCLED\DC2200.URL
peras180 Beginner
20 April 2007 - 00:03 #14
HJT log coming up
peras180 Beginner
20 April 2007 - 00:04 #15
Logfile of HijackThis v1.99.1
Scan saved at 00:04:00, on 20-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\$-peter's private-$\Skrivebord\Ny mappe\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\$-peter's private-$\Skrivebord\lll\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
peras180 Beginner
20 April 2007 - 00:22 #16
I'm heading off to bed... but if you get time to look at it, just reply in this thread... then I'll log on tomorrow...

Regards, Peter
ejvindh Expert
20 April 2007 - 09:32 #17
Wow. SAS certainly found something. There is no more junk left in the HijackThis log, but it might be a good idea to give the computer a run with Combofix to see whether it finds anything:

-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.
peras180 Beginner
20 April 2007 - 19:16 #18
"$-peter's private-$" - 07-04-20 19:12:33    Service Pack 2 
ComboFix 07-04-20V - Running from: C:\Documents and Settings\$-peter's private-$\Skrivebord\


((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\screensavers.com\Wallpaper\Gran Turismo 3 - City Limits.jpg
C:\Programmer\screensavers.com\Wallpaper\swpstart.exe
C:\Programmer\screensavers.com\Wallpaper\Need For Speed Underground.jpg
C:\Programmer\screensavers.com


(((((((((((((((((((((((((((((((  Files Created from 2007-03-20 to 2007-04-20  ))))))))))))))))))))))))))))))))))


2007-04-19 23:52    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-04-19 23:06    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-04-19 23:06    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-19 23:06    <DIR>    d--------    C:\DOCUME~1\$-PETE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-19 23:05    <DIR>    d--------    C:\Programmer\Yahoo!
2007-04-19 23:05    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-04-19 23:05    <DIR>    d--------    C:\Programmer\CCleaner
2007-04-19 22:40    3,206    --a------    C:\WINDOWS\system32\tmp.reg
2007-04-19 22:39    79,360    --a------    C:\WINDOWS\system32\swxcacls.exe
2007-04-19 22:39    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-04-19 22:39    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-04-19 22:39    40,960    --a------    C:\WINDOWS\system32\swsc.exe
2007-04-19 22:39    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-04-19 22:39    135,168    --a------    C:\WINDOWS\system32\swreg.exe
2007-04-18 18:29    786,432    --ah-----    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-18 18:29    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-04-18 18:29    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-04-18 18:29    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-04-18 18:29    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-04-18 18:29    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-04-18 18:29    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-04-18 18:29    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-04-18 18:29    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-04-18 18:13    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-05 13:22    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2007-03-23 12:53    <DIR>    d--------    C:\Programmer\iPod
2007-03-23 12:52    <DIR>    d--------    C:\Programmer\QuickTime
2007-03-23 12:51    <DIR>    d--------    C:\Programmer\Apple Software Update
2007-03-22 14:08    <DIR>    d--------    C:\Programmer\Enigma Software Group


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-17 15:45    292864    --a------    C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23    497496    --a------    C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19    526184    --a------    C:\WINDOWS\system32\xceedcry.dll
2007-03-08 17:38    577536    --a------    C:\WINDOWS\system32\user32.dll
2007-03-08 17:38    40960    ---------    C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38    281600    --a------    C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:35    1843584    ---------    C:\WINDOWS\system32\win32k.sys
2007-03-07 18:13    51442    --a------    C:\WINDOWS\system32\perfc006.dat
2007-03-07 18:13    333704    --a------    C:\WINDOWS\system32\perfh006.dat
2007-03-07 18:02    2560    --a------    C:\WINDOWS\_msrstrt.exe
2007-03-05 19:47    374    --a------    C:\DOCUME~1\$-PETE~1\APPLIC~1\internaldb6334.dat
2007-03-05 19:32    538    --a------    C:\DOCUME~1\$-PETE~1\APPLIC~1\internaldb8467.dat
2007-03-05 19:32    18432    --a------    C:\DOCUME~1\$-PETE~1\APPLIC~1\internaldb41.dat
2007-03-04 20:46    69698    --a------    C:\WINDOWS\distro_uplayme_stub_973387.exe
2007-02-24 14:12    --------    d--------    C:\Programmer\stardock
2007-02-22 15:25    --------    d--------    C:\Programmer\jowood
2007-02-05 22:19    185344    --a------    C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}    C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}    C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}    C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programmer\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yodm3D"="C:\\Documents and Settings\\$-peter's private-$\\Skrivebord\\lll\\yodm3D\\Yodm3D.exe"
"WMPNSCFG"="C:\\Programmer\\Windows Media Player\\WMPNSCFG.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
  Authentication Packages    REG_MULTI_SZ      msv1_0\0\0
  Security Packages    REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
  Notification Packages    REG_MULTI_SZ      scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter    REG_MULTI_SZ      HTTPFilter\0\0
LocalService    REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    REG_MULTI_SZ      DnsCache\0\0
DcomLaunch    REG_MULTI_SZ      DcomLaunch\0TermService\0\0
rpcss    REG_MULTI_SZ      RpcSs\0\0
imgsvc    REG_MULTI_SZ      StiSvc\0\0
termsvcs    REG_MULTI_SZ      TermService\0\0
WudfServiceGroup    REG_MULTI_SZ      WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-20 19:14:28
C:\ComboFix-quarantined-files.txt ... 07-04-20 19:14
ejvindh Expert
20 April 2007 - 22:41 #19
That looks sensible. Is the computer also running as it should?

To finish the job completely:
It can be a good idea to clean out the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. This can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a repeat, I would recommend installing a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
peras180 Beginner
20 April 2007 - 23:07 #20
Yes, the computer is running really well... I have downloaded a lot of antivirus and anti-spyware programs now, so I should be in good shape..
And many thanks for the help
ejvindh Expert
20 April 2007 - 23:25 #21
You're welcome. You can close the thread by selecting Fromsej's username at the bottom left here and then clicking accept. Then he will also have a few points to come back to when he returns from his "holiday" ;-)
peras180 Beginner
20 April 2007 - 23:34 #22
Okay
20 April 2007 - 23:42 #23
(Fromsej didn't get many points, did he?)
fromsej Trainee
21 April 2007 - 10:46 #24
Never mind that. :-)
peras180 Beginner
21 April 2007 - 11:35 #25
How do you do that?? I don't understand the points thing at all... As far as I'm concerned, you are welcome to have all my points.... Now I have solved my problem, so I have no further use for my profile...
fromsej Trainee
21 April 2007 - 12:10 #26
Well, I don't really care about points; I have plenty.
But what you should do, now that you have accepted your own answer, is create a new question here in the Virus category called >>Points for fromsej<< and set the number of points you think the help has been worth. Then I will post an answer to it, you accept my answer, and that settles it.
But since I probably won't answer within the first month or so anyway, there is no reason to do it. :-)
21 April 2007 - 21:14 #27