per_pj (Beginner)
12 May 2007 - 16:41. There are 13 comments and 1 solution

HijackThis log file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:38:09, on 12-05-2007
Platform: Windows XP  (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
D:\Skrivebord\HiJackThis_v2.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09d8761f-aaad-4f7e-b30b-5892eb3a7b35} - C:\WINDOWS\system32\MFCics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\System32\tmp2.tmp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\khiiif.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mlwakyygp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} (Sony SNC-Z20 Image Viewer) - http://83.91.83.165/home/SonySncZ20View.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128771256531
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: MFCics - C:\WINDOWS\SYSTEM32\MFCics.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 8143 bytes
ejvindh (Expert)
12 May 2007 - 21:40 #1
I'll take a look at it :-)
ejvindh (Expert)
12 May 2007 - 21:43 #2
-- Download ComboFix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has rebooted, a log file should open: combofix.txt
Please post the contents of that file here.
per_pj (Beginner)
12 May 2007 - 22:57 #3
Thanks... The combofix.txt file has a lot of content, but here it is:

ComboFix 07-05.09.V - Running from: "D:\Skrivebord\"

    /wow section - STAGE #3

((((((((((((((((((((((((((((((((((((((((((((((((((  V Log  )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\MFCics.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp5C.tmp.dll
C:\WINDOWS\system32\tmp9C.tmp.dll
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\system32\mlwakyygp.dll
C:\WINDOWS\system32\media
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\poof
C:\cp1041.nls

Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
Restored copy from - "C:\WINDOWS\system32\dllcache\ndis.sys"



(((((((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NTLDR.SYS
-------\LEGACY_POOF
-------\ntldr.sys


(((((((((((((((((((((((((((((((  Files Created from 2007-04-05 to 2007-05-12  ))))))))))))))))))))))))))))))))))


2007-05-12 19:39    <DIR>    d--------    C:\WINDOWS\LastGood.Tmp
2007-05-09 19:56    106,768    --a------    C:\WINDOWS\khiiif.dll
2007-05-09 17:57    <DIR>    d--------    C:\WINDOWS\wb
2007-04-30 17:57    <DIR>    d--------    C:\DOCUME~1\PERBEC~1\APPLIC~1\Lavasoft
2007-04-30 17:48    <DIR>    d--------    C:\Programmer\Lavasoft
2007-04-29 23:57    873    --a------    C:\WINDOWS\QSFVExit.bat
2007-04-29 19:14    106,752    --a------    C:\WINDOWS\wvvvsq.dll
2007-04-29 17:32    <DIR>    d--------    C:\WINDOWS\Oversigt
2007-04-29 17:32    <DIR>    d--------    C:\WINDOWS\Installationsfiler til Windows Update
2007-04-12 17:49    722,192    --a------    C:\WINDOWS\system32\VB40032.DLL
2007-04-12 17:49    <DIR>    d--------    C:\WINDOWS\NPCommon


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-09 15:34:44    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\uTorrent
2007-04-22 16:17:51    --------    d-----w    C:\Programmer\Musicator Delta
2007-04-22 12:43:46    --------    d-----w    C:\Programmer\DAEMON Tools
2007-04-22 12:29:05    682,232    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-04-21 20:01:54    737,280    ----a-w    C:\WINDOWS\iun6002.exe
2007-04-09 16:50:03    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Sony
2007-04-09 16:45:49    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\NetMedia Providers
2007-04-09 16:45:48    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Publish Providers
2007-04-09 16:18:31    81,132    ----a-w    C:\WINDOWS\system32\perfc006.dat
2007-04-09 16:18:31    433,496    ----a-w    C:\WINDOWS\system32\perfh006.dat
2007-04-09 16:16:53    --------    d-----w    C:\Programmer\Microsoft SQL Server
2007-04-09 16:07:26    --------    d-----w    C:\Programmer\Vstplugins
2007-04-09 16:06:32    --------    d-----w    C:\Programmer\Sony
2007-04-09 15:51:03    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Sony Setup
2007-04-09 15:50:27    --------    d-----w    C:\Programmer\Sony Setup
2007-04-09 11:25:35    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Propellerhead Software
2007-04-09 11:24:49    233,472    ----a-w    C:\WINDOWS\system32\REX Shared Library.dll
2007-04-08 20:46:47    --------    d-----w    C:\Programmer\QuickTime
2007-04-08 20:46:47    --------    d-----w    C:\Programmer\MSN Messenger
2007-04-08 20:46:47    --------    d-----w    C:\Programmer\MessengerPlus! 3
2007-04-08 20:45:37    37,442    ----a-w    C:\WINDOWS\UpdReg.EXE
2007-04-06 13:29:53    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\DivX
2007-04-03 17:50:46    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Media Player Classic
2007-04-03 17:46:43    --------    d-----w    C:\Programmer\DivX
2007-04-03 12:38:30    --------    d-----w    C:\Programmer\vanBasco's Karaoke Player
2007-03-27 07:55:57    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31    36,624    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-27 07:55:31    129,784    ------w    C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31    118,520    ------w    C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31    116,472    ------w    C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07    73,728    ----a-w    C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05    53,248    ----a-w    C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03    593,920    ----a-w    C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02    57,344    ----a-w    C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02    344,064    ----a-w    C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02    294,912    ----a-w    C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02    294,912    ----a-w    C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58    639,066    ----a-w    C:\WINDOWS\system32\DivX.dll
2007-03-26 11:33:34    44,992    ----a-w    C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-10 17:22:48    --------    d-----w    C:\DOCUME~1\PERBEC~1\APPLIC~1\Screenshot Sender
2007-03-10 17:22:14    --------    d-----w    C:\Programmer\Messenger Plus! Live
2007-03-10 15:46:53    --------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-03-08 19:32:24    --------    d-----w    C:\Programmer\AC3Filter
2007-03-08 19:32:16    22,710    ----a-w    C:\WINDOWS\system32\uninstall.exe
2007-03-08 19:26:59    --------    d-----w    C:\Programmer\Sigma Player
2007-03-08 18:31:47    --------    d-----w    C:\Programmer\Apple Software Update
2007-03-08 18:30:00    --------    d-----w    C:\Programmer\Fælles filer\Ulead
2007-03-08 18:30:00    --------    d-----w    C:\Programmer\Fælles filer
2007-03-08 18:27:35    --------    d-----w    C:\Programmer\Fælles filer\InstallShield
2007-03-08 18:26:21    --------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2007-03-07 18:52:06    --------    d-----w    C:\Programmer\Winamp
2007-02-16 01:40:35    124,472    ----a-w    C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"CTSysVol"="C:\\Programmer\\Creative\\SBAudigy LS\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ISUSPM"="\"C:\\Programmer\\Fælles filer\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Programmer\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Programmer\\MSN Messenger\\msnmsgr.exe\" /background"
"DAEMON Tools"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
  Authentication Packages    msv1_0\0\0
  Security Packages    kerberos\0msv1_0\0schannel\0wdigest\0\0
  Notification Packages    scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe gamma loader.lnk
C:\PROGRA~1\FLLESF~1\Adobe\CALIBR~1\ADOBEG~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^hp digital imaging monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^logitech desktop messenger.lnk
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^symantec winfax starter port.lnk
C:\PROGRA~1\MICROS~2\Office\1030\OLFSNT40.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^per beck hansen^menuen start^programmer^start^adobe gamma.lnk
C:\PROGRA~1\FLLESF~1\Adobe\CALIBR~1\ADOBEG~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Programmer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp component manager
"C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp software update
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppromo psc 1300 series
"C:\Programmer\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incapan
IncaPan.Exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\infodata
rundll32.exe "C:\WINDOWS\wvvvsq.dll",realset

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Programmer\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechsoftwareupdate
C:\Programmer\Logitech\Video\ManifestEngine.exe boot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideorepair
C:\Programmer\Logitech\Video\ISStart.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideotray
C:\Programmer\Logitech\Video\LogiTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcomsx
C:\WINDOWS\System32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Programmer\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picasa media detector
C:\Programmer\Picasa2\PicasaMediaDetector.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Programmer\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steam
C:\Programmer\Steam\Steam.exe -silent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampagent
C:\Programmer\Winamp\winampa.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    DnsCache\0\0
rpcss    RpcSs\0\0
imgsvc    StiSvc\0\0
termsvcs    TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070512-163755-522
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)
backup-20070512-163341-704
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)
backup-20070512-163324-611
O20 - AppInit_DLLs: 
backup-20070512-163017-586
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)
backup-20070512-163017-729
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 22:47:42
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-12 22:49:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-12 22:49
Jensen DK (Novice)
13 May 2007 - 06:40 #4
Once it has been cleaned, please update with SP 2 and all the updates, about 80 of them,
otherwise the PC won't last long.
ejvindh (Expert)
13 May 2007 - 10:09 #5
I'd like to second silbidor's comment. Apart from that, it looks quite reasonable. Now try this:

-- Download "SuperAntiSpyware free" from here:
http://www.spywarefri.dk/downloads1.htm
Install it and update the scanner. But hold off on scanning.

You'll find a full guide to SuperAntiSpyware here:
http://www.spywarefri.dk/manualer/superantispyware-manual.htm

-- Go to Control Panel, Add/Remove Programs, and see whether you are allowed to uninstall the following programs:
Messenger+
(Messenger+ is sponsored by spyware producers. Admittedly you haven't had the spyware installed, but it might be worth considering whether you want to use a program that is allied with those who put the spyware junk out on the net.)

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- You are now going to delete things. As a preliminary, you need to turn on "extended file view":
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

-- Then delete the following (if you can find them):
Folders:
C:\Programmer\MessengerPlus! 3
C:\Programmer\Messenger Plus! Live

Files:
C:\WINDOWS\khiiif.dll
C:\WINDOWS\wvvvsq.dll

-- Start SuperAntiSpyware, click "Scan your computer", and tick your drives on the left side of the window. On the right side of the window, select "Perform Complete Scan". Click "Next"; it will now scan. When it has finished, select what it finds and let the scanner remove it.

-- Restart into normal mode. Open the SuperAntiSpyware scanner again and click "Preferences" -> "Statistics/Logs". Select the log and click "View log". Copy the log into this thread. Also make a fresh log with HijackThis and post it here.
per_pj (Beginner)
13 May 2007 - 19:34 #6
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:33:14, on 13-05-2007
Platform: Windows XP  (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
c:\programmer\internet explorer\iexplore.exe
D:\Skrivebord\HiJackThis_v2.exe
C:\Programmer\MSN Messenger\usnsvc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} (Sony SNC-Z20 Image Viewer) - http://83.91.83.165/home/SonySncZ20View.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128771256531
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 6888 bytes
ejvindh (Expert)
13 May 2007 - 20:24 #7
-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart

In addition, I would also like to see the log file from SUPERAntiSpyware. Otherwise I find it a bit hard to assess what state your computer is in.

-- Then restart the computer and post a new HijackThis log here for review.
per_pj Beginner
13 May 2007 - 21:08 #8
OK, I'll do that right away. I'm choosing to leave MessengerPlus in place, though.
per_pj Beginner
13 May 2007 - 22:48 #9
The HijackThis log will come later...

SUPERAntiSpyware Scan Log
Generated 05/13/2007 at 10:43 PM

Application Version : 3.5.1016

Core Rules Database Version : 3237
Trace Rules Database Version: 1248

Scan type      : Complete Scan
Total Scan Time : 01:33:54

Memory items scanned      : 370
Memory threats detected  : 0
Registry items scanned    : 6519
Registry threats detected : 0
File items scanned        : 42281
File threats detected    : 143

Adware.Tracking Cookie

Trojan.Net-Jovi/DN
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MFCICS.DLL.VIR

Trojan.Downloader-MSNETAX
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MLWAKYYGP.DLL.VIR

Adware.Vundo Variant
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP3.TMP.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP5C.TMP.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP9C.TMP.DLL.VIR

Adware.WhenU
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEA7773B-6774-4B80-85BA-FCF2C3DB6679}\RP435\A0071316.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEA7773B-6774-4B80-85BA-FCF2C3DB6679}\RP435\A0071320.EXE
per_pj Beginner
14 May 2007 - 00:27 #10
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:27:09, on 14-05-2007
Platform: Windows XP  (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
D:\Skrivebord\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\PERBEC~1\LOKALE~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} (Sony SNC-Z20 Image Viewer) - http://83.91.83.165/home/SonySncZ20View.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128771256531
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 6636 bytes
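An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log line format shown above that flags entries whose target is reported as missing and BHOs without a name, then compares an earlier log with a later one to see which entries are gone. The flag names and the comparison key are assumptions made for this illustration, and a flag is a prompt for review, not a verdict.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpts from the logs posted in this thread (12-05-2007 and 14-05-2007).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09d8761f-aaad-4f7e-b30b-5892eb3a7b35} - C:\WINDOWS\system32\MFCics.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\System32\tmp2.tmp.dll
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    clsid: str | None = None
    flags: list[str] = field(default_factory=list)  # hypothetical flag names


def parse_log(text: str) -> list[Entry]:
    """Return the entry lines of a log; header, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["section"], m["body"])
        if entry.body.endswith(MISSING_MARKERS):
            entry.flags.append("missing-target")
        if entry.section == "O2":
            bho = BHO_RE.match(entry.body)
            if bho:
                entry.clsid = bho["clsid"].upper()
                if bho["name"] == "(no name)":
                    entry.flags.append("unnamed-bho")
        entries.append(entry)
    return entries


def flagged(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries if e.flags]


def resolved(before: list[Entry], after: list[Entry]) -> list[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    still_there = {(e.section, e.body.casefold()) for e in after}
    return [e for e in before
            if (e.section, e.body.casefold()) not in still_there]


if __name__ == "__main__":
    for e in resolved(parse_log(BEFORE), parse_log(AFTER)):
        print("gone:", e.section, e.clsid, e.flags)
    for e in flagged(parse_log(AFTER)):
        print("review:", e.section, e.body)
```
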
14 May 2007 - 08:13 #11
14 May 2007 - 08:15 #12
You have not updated your Windows XP to Service Pack 2 (SP2).
"Unprotected PCs last 20 minutes":
http://www.comon.dk/index.php/news/show/id=18812

That is not so good, because then you are not protected against many of the viruses that whizz around the net looking for unpatched machines. Of which you may be a good example!!!

You can download Service Pack 2 (SP2) here as a standalone file (~280Mb):
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Download/copy it to a suitable place on your PC.
Disconnect from the 'dangerous' internet (physically pull the plug OUT).
Install the SP2 package.
Once that has gone well, and after a restart or two, only THEN reconnect to the internet, go to Start -> Programs -> Windows Update and let your machine scan for the latest updates. Install the ones that are recommended to you.
There will probably be more than 80 'packages' ...

WAIT WITH THE SP2 INSTALLATION ITSELF UNTIL <ejvindh> GIVES THE GO-AHEAD ...
WAIT WITH THE SP2 INSTALLATION ITSELF UNTIL <ejvindh> GIVES THE GO-AHEAD ...
WAIT WITH THE SP2 INSTALLATION ITSELF UNTIL <ejvindh> GIVES THE GO-AHEAD ...
Jensen DK Novice
14 May 2007 - 12:57 #13
If you don't update to SP2 and about 80 updates, you won't get any more help.
ejvindh Expert
14 May 2007 - 22:58 #14
There is a single entry in the HijackThis log that I think points to some further infection. I would therefore suggest that you also run SmitfraudFix on the computer:

-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified as "RiskTool" by some antivirus programs. There is nothing to that, though!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 and answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.

-- Then run HijackThis again and fix this line:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- Restart and post a fresh HijackThis log here, together with the log from SmitfraudFix (C:\rapport.txt).