lqnne (Beginner)
24 August 2007 - 19:19. There are 23 comments and
1 solution

Computer system crashes after I downloaded a file (HijackThis log)

Yesterday I downloaded a file that I needed in order to watch a video. It turned out not to be an ActiveX file as it claimed.
Ever since, my computer has started showing these small "alerts" saying that my computer system "something or other" is at 43%, and that my internet system is at 38%..

1. First comes a log from HijackThis
2. Norton finds this, but it cannot get it removed. It keeps coming back all the time


1.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:42:42, on 24-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Video ActiveX Access\imsmain.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\programmer\powerstrip\pstrip.exe
C:\Programmer\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Video ActiveX Access\imsmn.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick Hoffmann\Lokale indstillinger\Temporary Internet Files\Content.IE5\03TN6YJH\HiJackThis_v2[1].exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://basilmarket.com/"); (C:\Documents and Settings\PATRICK HOFFMANN\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PATRICK HOFFMANN\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Programmer\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programmer\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\SymProbe.exe -r "C:\Programmer\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Programmer\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: crawley - {8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab} - C:\WINDOWS\system32\igpfced.dll (file missing)
O22 - SharedTaskScheduler: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - C:\WINDOWS\system32\fwrkqfl.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10089 bytes






----------------------------------------------------------------------------------------------------------------------------------
2.
Here is what my Norton AntiVirus finds:


Source: Manual Scanner,Risk category: Virus,Action taken: Deleted,Description: Affected areas:
1 Files:
C:\RECYCLER\S-1-5-21-484763869-2111687655-839522115-500\Dc1\Gay-Lesbian-Photo.exe - Deleted

1 Processes:
C:\Programmer\Internet Explorer\iexplore.exe - Terminated

25 Registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch - Repaired
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-500\Software\Microsoft\Internet Explorer\Main\\Start Page - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-1003\Software\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-500\Software\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-1003\Software\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-500\Software\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Bar - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-1003\Software\Microsoft\Internet Explorer\Main\Use Search Asst - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Use Search Asst - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Use Search Asst - Repaired
HKEY_USERS\S-1-5-21-484763869-2111687655-839522115-500\Software\Microsoft\Internet Explorer\Main\Use Search Asst - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Use Search Asst - Repaired

1 Additional areas:
Unknown - Deleted


Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: Low,Performance: Low,Privacy: High,Removal: Low,Stealth: Low,Action taken: Removed,Description: Affected areas:
2 Files:
c:\windows\system32\rk.bin - Deleted
c:\windows\system32\rlls.dll - Deleted

1 Additional areas:
Unknown - Deleted


Source: Manual Scanner,Risk category: Security risk,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: Medium,Action taken: Removed,Description: Affected areas:
135 Files:

3 Registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Antiviruspcpakke - Deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride - Repaired


Source: Manual Scanner,Risk category: Security risk,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: Medium,Action taken: Removed,Description: Affected areas:
1 Additional areas:
Unknown - Deleted


Source: C:\Documents and Settings\Patrick Hoffmann\Lokale indstillinger\Temporary Internet Files\Content.IE5\ELKZI1M5\vl_setup[1].exe,Risk category: Security risk,Action taken: Access denied
Source: C:\Documents and Settings\Patrick Hoffmann\Lokale indstillinger\Temporary Internet Files\Content.IE5\RAW7VHGH\DrAntispySetup_177[1].exe,Risk category: Security risk,Action taken: Access denied
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted


Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll - Deleted

1 Additional areas:
Unknown - Deleted


Source: C:\WINDOWS\system32\fwrkqfl.dll,Action taken: Repair failed,Action taken: Access denied
Source: C:\Programmer\Video ActiveX Access\iesbpl.dll,Action taken: Repair failed,Action taken: Access denied
Source: C:\Programmer\Video ActiveX Access\imsunst.exe,Action taken: Repair failed,Action taken: Access denied
Source: C:\Programmer\Video ActiveX Access\iesunst.exe,Action taken: Repair failed,Action taken: Access denied
Source: C:\Programmer\Video ActiveX Access\iesmn.exe,Action taken: Repair failed,Action taken: Access denied
fromsej (Trainee)
24 August 2007 - 19:33 #1
1. You have been hit hard.
2. Norton is not the sharpest knife in the drawer when it comes to removing anything at all.
3. Follow the guide in this article - http://www.eksperten.dk/artikler/1123
lqnne (Beginner)
24 August 2007 - 19:34 #2
A new alert just popped up:
Security alert: spyware found

Your computer is infected with last version of PSW.x-Vir trojan. PSW trojans steal your private information such as:
Password, IP-address, credit card information, registration details, documents, etc.

And if I click on the bubble, a new website opens with a new antivirus program, a different one every time :/
fromsej (Trainee)
24 August 2007 - 19:39 #3
See my previous post.
lqnne (Beginner)
24 August 2007 - 19:45 #4
Thanks, I'll go through it now.
lqnne (Beginner)
24 August 2007 - 21:28 #5
I haven't had any alerts since I went through that guide. But my sound card still doesn't work.
This comes up when I want to listen to music:
"iTunes har fundet et problem med lydkonfigurationen.
Afspildning af lyd og video virker måske ikke optimalt."
johnstigers (Senior Master)
24 August 2007 - 22:49 #6
You haven't gone through the article, because you are missing some logs...
lqnne (Beginner)
24 August 2007 - 22:58 #7
Yes I have, I have all of them except the one from SUPERAntiSpyware, as you can read at http://www.eksperten.dk/artikler/1123 if you would care to look through the article.
But my sound card works again, I just had to install my CDs again and update the driver.
lqnne (Beginner)
24 August 2007 - 23:02 #8
Here is the newest log file from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 23:01:11, on 24-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick Hoffmann\Skrivebord\installation\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://basilmarket.com/"); (C:\Documents and Settings\Patrick Hoffmann\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Patrick Hoffmann\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\SymProbe.exe -r "C:\Programmer\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
johnstigers Senior Master
24 August 2007 - 23:07 #9
http://www.eksperten.dk/artikler/1123 - there are 4 logs you need to copy in here.

"When ComboFix has finished, and after it has restarted, a log file should open: combofix.txt. Please post the contents of this file here, together with the HijackThis log file, the Rootchk log file and the log from SuperAntiSpyware.
Start SuperAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad.

That makes four log files in total."
lqnne Beginner
24 August 2007 - 23:24 #10
and then I wrote:
where should I put my logs? and why is there no log file in SUPERAntiSpyware > Preferences > Statistics/logs? (I have run the whole program (40 min), but it has not put a log file in there)

because there is no log file there ^
lqnne Beginner
24 August 2007 - 23:27 #11
ComboFix 07-08-17.2 - "Patrick Hoffmann" 2007-08-24 21:00:11.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1030.18.478 [GMT 2:00]
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\video activex access
C:\Programmer\video activex access\iesbunst.exe
C:\Programmer\video activex access\imsmn.exe
C:\Programmer\video activex access\ot.ico
C:\Programmer\video activex access\ts.ico


(((((((((((((((((((((((((  Files Created from 2007-07-24 to 2007-08-24  )))))))))))))))))))))))))))))))


2007-08-24 20:56    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-24 20:02    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 19:55    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 19:54    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-24 19:54    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-08-24 19:54    <DIR>    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 19:48    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-23 17:33    <DIR>    d--------    C:\Programmer\BearShare Applications
2007-08-19 23:48    <DIR>    d--------    C:\DOCUME~1\PATRIC~1\Contacts
2007-08-19 23:47    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2007-08-19 16:22    <DIR>    d--------    C:\WINDOWS\Deer Drive
2007-08-19 16:22    <DIR>    d--------    C:\Programmer\Deer Drive
2007-08-18 16:49    <DIR>    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Leadertech
2007-08-18 16:48    <DIR>    d--------    C:\Programmer\Atari
2007-08-18 13:09    <DIR>    d--------    C:\Programmer\Activision
2007-08-18 00:28    68,888    --a------    C:\WINDOWS\system32\xinput1_3.dll
2007-08-18 00:28    62,744    --a------    C:\WINDOWS\system32\xinput1_2.dll
2007-08-18 00:28    255,848    --a------    C:\WINDOWS\system32\xactengine2_6.dll
2007-08-18 00:28    251,672    --a------    C:\WINDOWS\system32\xactengine2_5.dll
2007-08-18 00:28    237,848    --a------    C:\WINDOWS\system32\xactengine2_4.dll
2007-08-18 00:28    236,824    --a------    C:\WINDOWS\system32\xactengine2_3.dll
2007-08-18 00:28    2,414,360    --a------    C:\WINDOWS\system32\d3dx9_31.dll
2007-08-18 00:28    15,128    --a------    C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-18 00:28    <DIR>    d--hs----    C:\WINDOWS\ftpcache
2007-08-09 19:17    <DIR>    d--------    C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-03 15:38    <DIR>    d--------    C:\Programmer\wannabe
2007-08-03 00:02    <DIR>    d--------    C:\Programmer\Zeallsoft
2007-08-02 23:43    <DIR>    d--------    C:\Programmer\Deskshare
2007-08-02 22:11    <DIR>    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Nexon
2007-08-01 01:28    <DIR>    d--------    C:\Programmer\Steam
2007-07-31 23:09    8,464    --a------    C:\WINDOWS\system32\sporder.dll
2007-07-29 17:23    <DIR>    d--------    C:\Casino


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 20:49    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Skype
2007-08-24 19:37    ---------    d--------    C:\Programmer\LimeWire
2007-08-24 19:01    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Microgaming
2007-08-24 17:34    ---------    d--------    C:\Programmer\PokerStars
2007-08-24 17:34    ---------    d--------    C:\Programmer\Betsson Poker
2007-08-23 22:56    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\uTorrent
2007-08-23 19:55    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-22 23:13    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\LimeWire
2007-08-22 11:57    ---------    d---s----    C:\Programmer\Xfire
2007-08-19 23:48    ---------    d--------    C:\Programmer\MSN Messenger
2007-08-11 16:15    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Xfire
2007-08-01 01:39    ---------    d--------    C:\Programmer\CSConfigurator
2007-08-01 01:27    ---------    d--------    C:\Programmer\Valve
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-13 20:48    ---------    d--------    C:\Programmer\PartyGaming
2007-07-12 16:18    ---------    d--------    C:\Programmer\PC Adware-Spyware Removal
2007-07-12 16:18    ---------    d--------    C:\Programmer\Cyanide
2007-07-11 16:37    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Pro Cycling Manager 2007
2007-07-08 14:59    ---------    d--------    C:\Programmer\EAdwareRemoval
2007-07-08 14:35    ---------    d--------    C:\Programmer\Lavasoft
2007-07-08 14:35    ---------    d--------    C:\DOCUME~1\PATRIC~1\APPLIC~1\Lavasoft
2007-07-07 23:01    ---------    d--------    C:\Programmer\DAEMON Tools
2007-07-07 22:50    685816    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 17:18    ---------    d--------    C:\Programmer\BitLord
2007-07-07 17:13    ---------    d--------    C:\Programmer\uTorrent
2007-07-06 17:44    ---------    d--------    C:\Programmer\Full Tilt Poker
2007-07-05 17:03    64648    --a------    C:\WINDOWS\system32\drivers\pe3akt6c.sys
2007-07-05 17:03    406920    --a------    C:\WINDOWS\system32\pr2akt6c.exe
2007-07-05 17:02    83592    --a------    C:\WINDOWS\system32\drivers\pf2akt6c.sys
2007-07-05 17:02    55440    --a------    C:\WINDOWS\system32\drivers\ps6akt6c.sys
2007-06-29 12:01    ---------    d--------    C:\Programmer\Bet24
2007-06-28 15:38    ---------    d--------    C:\Programmer\PokerChamps
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-20 00:13    40    --a------    C:\WINDOWS\ujf635.bin
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\InstallShield
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-17 04:33]
"nwiz"="nwiz.exe" [2003-11-17 04:33 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"NAV CfgWiz"="C:\Programmer\Fælles filer\Symantec Shared\SymProbe.exe" []
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"pviever"="C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" []
"PowerStrip"="c:\programmer\powerstrip\pstrip.exe" [2007-04-15 22:21]
"PC Adware-Spware Removal"="C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-30 13:34]
"AdobeUpdater"="C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe" []
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"Steam"="C:\Programmer\Steam\Steam.exe" [2007-08-01 01:28]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Start\
Xfire.lnk - C:\Programmer\Xfire\xfire.exe [2007-08-06 20:26:02]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-12 21:45:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R2 PStrip;PSTRIP;C:\WINDOWS\system32\drivers\pstrip.sys
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc
S3 geebers12;geebers12;\??\C:\Documents and Settings\Patrick Hoffmann\Skrivebord\MS Hack\UCE\blorbslayerengine\nvid888.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826e75cc-2ca1-11dc-b167-000d87daddb2}]
AutoRun\command- F:\Exe\Autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-17 18:01:09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Patrick Hoffmann.job - C:\PROGRA~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 21:01:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-24 21:03:29
C:\ComboFix-quarantined-files.txt ... 2007-08-24 21:03

    --- E O F ---








-------------------------------------------------------------------------------------





Logfile of HijackThis v1.99.1
Scan saved at 20:54:27, on 24-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_03\bin\jucheck.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Xfire\xfire.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick Hoffmann\Skrivebord\installation\alternativ.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://basilmarket.com/"); (C:\Documents and Settings\Patrick Hoffmann\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Patrick Hoffmann\Application Data\Mozilla\Profiles\default\on84od4t.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\SymProbe.exe -r "C:\Programmer\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Patrick Hoffmann\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Programmer\MANSION\Villa\MANSION.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe




-------------------------------------------------------------------------------------




********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
24-08-2007 20:55:16,68

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 20:55:16
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7547c999
"s2"=dword:b497df72
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f2,ca,02,91,a5,97,0d,78,85,25,dc,62,29,41,d4,a0,cf,59,81,48,a2,..
"p0"="C:\Programmer\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,74,fd,c9,94,f5,c0,74,c0,94,5f,9c,29,88,6a,f3,ff,1a,..
"khjeh"=hex:da,87,50,2a,9b,3b,8e,33,f3,6a,bc,78,e6,ee,a7,05,45,f8,81,bd,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e1,db,33,14,56,50,c0,f0,3b,2c,49,65,8c,ce,98,da,ad,9a,33,fc,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7d,6e,a3,0c,64,6a,6a,cc,d5,32,e4,31,d9,f9,4f,76,02,e7,32,ef,87,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f2,ca,02,91,a5,97,0d,78,85,25,dc,62,29,41,d4,a0,cf,59,81,48,a2,..
"p0"="C:\Programmer\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,74,fd,c9,94,f5,c0,74,c0,94,5f,9c,29,88,6a,f3,ff,1a,..
"khjeh"=hex:da,87,50,2a,9b,3b,8e,33,f3,6a,bc,78,e6,ee,a7,05,45,f8,81,bd,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e1,db,33,14,56,50,c0,f0,3b,2c,49,65,8c,ce,98,da,ad,9a,33,fc,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7d,6e,a3,0c,64,6a,6a,cc,d5,32,e4,31,d9,f9,4f,76,02,e7,32,ef,87,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0





-------------------------------------------------------------------------------------
24 August 2007 - 23:48 #12
Those must have been some 'funny' films you downloaded? ->
C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe ???

Since you also 'play' with P2P programs, it is bound to go wrong!!!
C:\Programmer\BearShare Applications
C:\Programmer\LimeWire
C:\Programmer\BitLord
C:\Programmer\uTorrent

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

+ 117 other unwanted items that I will leave to <Fromsej> to tell you about *S*
fromsej Trainee
25 August 2007 - 10:35 #13
Uninstall all file-sharing programs; they are the cause of your problems, and the biggest spreader of infection on the net, bar none.
BearShare, LimeWire, BitLord and uTorrent.
Also uninstall PC Adware-Spyware Removal, EAdwareRemoval
---------------------------------------
Get CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to remove the check mark next to installation of the Yahoo toolbar.
Start the program and remove the check mark at cookies.
Click Run Cleaner and let it remove what it finds.
Then click Issues on the left side (the blue cube), click Scan for Issues, and when it is done, click Fix selected issues, make a backup of the registry if you like, then click Fix All Selected Issues.
Click OK, then click Close when it is done.
Restart.
---------------------------------------
Run HijackThis, scan, put a check mark next to the lines listed here, close all windows except HijackThis, and click Fix checked.
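The autorun entries discussed in this thread can be pulled out of a HijackThis log and compared mechanically. The following is an added example, not part of the original posts: it parses registry `O4` lines, diffs two log snapshots, and lists entries whose target lies outside the directories where this machine's logs show software installed. The function names are hypothetical, the sample lines are subsets copied from the two HijackThis logs above, and the root list (`C:\Programmer`, `C:\WINDOWS`) is an assumption for this Danish-locale system.

```python
import re
from typing import Dict, List, NamedTuple, Sequence

# Constructed samples: subsets of O4 lines copied from the two HijackThis logs in this thread.
LOG_A = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
"""
LOG_B = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
"""


class Autorun(NamedTuple):
    location: str  # registry location as HijackThis prints it, e.g. HKLM\..\Run
    name: str      # value name shown inside the brackets
    command: str   # command line exactly as logged


# Registry autoruns only; "O4 - Startup:" shortcut lines use another layout and are skipped.
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
# Unquoted program path: shortest prefix ending in a known extension.
PROG_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)


def parse_o4(log: str) -> List[Autorun]:
    """Extract registry autorun (O4) entries from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(*m.groups()))
    return entries


def target(command: str) -> str:
    """Return the file an autorun actually loads; for rundll32 that is the DLL argument."""
    cmd = command.strip()
    if cmd.startswith('"'):
        prog, _, rest = cmd[1:].partition('"')
    else:
        m = PROG_RE.match(cmd)
        prog = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(prog):]
    if prog.lower().endswith("rundll32.exe") and rest.strip():
        return rest.strip().split(",")[0].strip('"')
    return prog


def normalise(command: str) -> str:
    """Ignore quoting and case so cosmetic differences are not reported as changes."""
    return command.replace('"', "").lower()


def diff_autoruns(before: Sequence[Autorun], after: Sequence[Autorun]) -> Dict[str, List[str]]:
    """Compare two snapshots keyed on (location, value name)."""
    old = {(e.location, e.name): normalise(e.command) for e in before}
    new = {(e.location, e.name): normalise(e.command) for e in after}
    return {
        "added": sorted(k[1] for k in new.keys() - old.keys()),
        "removed": sorted(k[1] for k in old.keys() - new.keys()),
        "changed": sorted(k[1] for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def outside_roots(entries: Sequence[Autorun], roots: Sequence[str]) -> List[str]:
    """Names of entries whose absolute target path is under none of the expected roots."""
    prefixes = [r.lower().rstrip("\\") + "\\" for r in roots]
    flagged = []
    for e in entries:
        path = target(e.command).lower()
        # Bare file names (resolved through the search path) are not judged here.
        if re.match(r"[a-z]:\\", path) and not any(path.startswith(p) for p in prefixes):
            flagged.append(e.name)
    return flagged


if __name__ == "__main__":
    a, b = parse_o4(LOG_A), parse_o4(LOG_B)
    print(diff_autoruns(a, b))
    print(outside_roots(a, (r"C:\Programmer", r"C:\WINDOWS")))
```

An entry under an expected root is not thereby cleared; the root check only narrows where to look first, and the diff shows what changed between two scans.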

O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [PC Adware-Spware Removal] C:\Programmer\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

---------------------------------------
Copy the content between the wavy lines into a Notepad window, and save it in the same folder as ComboFix under the name CFScript.txt. When you save, make sure that "file types" ("filtyper") says "all files" ("alle filer").

~~~~~~~~~~~~~~~~~~~~~~~~~~

File::
c:\windows\system32\rlvknlg.exe

Folder::
C:\Programmer\BearShare Applications
C:\Programmer\LimeWire
C:\Documents and Settings\Patrick Hoffmann\Application Data\uTorrent
C:\Documents and Settings\Patrick Hoffmann\Application Data\LimeWire
C:\Programmer\PC Adware-Spyware Removal
C:\Programmer\EAdwareRemoval
C:\Programmer\BitLord
C:\Programmer\uTorrent
C:\Program Files\Gay-Lesbian-Photo

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
If ComboFix does not restart the machine when it has finished, restart it yourself.
---------------------------------------
We need to see a fresh HijackThis log, as well as the new ComboFix log.
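
Added example, not part of fromsej's post or of any tool mentioned in it: a Python check for the step behind the request for a fresh HijackThis log, listing O4 autostart entries that still point at a `File::` or `Folder::` target from the CFScript. The function names, the shortened CFScript and the "fresh" log lines are constructed for illustration.

```python
import re
# HijackThis prints autostart values as: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)", re.I)

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each O4 line in a log."""
    matches = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def target_path(command):
    """Program path of an autostart command, quoted or bare with arguments."""
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    m = EXE_RE.match(command)
    return m.group(1) if m else command

def parse_cfscript(text):
    """Group CFScript.txt lines under their 'File::' / 'Folder::' headers."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def leftovers(log_text, cfscript):
    """Value names of O4 entries still pointing at a File:: or Folder:: target."""
    sections = parse_cfscript(cfscript)
    files = {p.lower() for p in sections.get("File", [])}  # Windows paths: case-insensitive
    folders = tuple(p.lower().rstrip("\\") + "\\" for p in sections.get("Folder", []))
    hits = []
    for _hive, _key, name, command in parse_o4(log_text):
        path = target_path(command).lower()
        if path in files or path.startswith(folders):
            hits.append(name)
    return hits

# Shortened copy of the CFScript from the post (one File::, two Folder:: targets)
CFSCRIPT = r"""File::
c:\windows\system32\rlvknlg.exe
Folder::
C:\Programmer\PC Adware-Spyware Removal
C:\Program Files\Gay-Lesbian-Photo"""
# Constructed "fresh" log: one unrelated entry, one entry that survived cleanup
FRESH_LOG = r"""O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot"""
print(leftovers(FRESH_LOG, CFSCRIPT))
```

An empty list means none of the autostart entries in the new log resolve to a path the script was meant to delete; any name returned is an entry to fix again before closing the case.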
lqnne (Beginner)
25 August 2007 - 14:16 #14
Those must have been some 'fun' films you downloaded? ->
C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe

that's what you get for throwing a party for idiots!

okay fromsej (^)
30 August 2007 - 18:47 #15
(Status?)
lqnne (Beginner)
30 August 2007 - 20:48 #16
have got everything removed that shouldn't be on the computer.
lqnne (Beginner)
30 August 2007 - 20:57 #17
fromsej, just post an answer
johnstigers (Senior Master)
30 August 2007 - 21:21 #18
don't think he'll post an answer...

"We need to see a fresh HijackThis log, as well as the new ComboFix log."
lqnne (Beginner)
31 August 2007 - 12:36 #19
then he'll have to leave it (: thanks for the help, guys
johnstigers (Senior Master)
31 August 2007 - 15:39 #20
Hmm.... Can't you see that fromsej writes at the end of his comment: "We need to see a fresh HijackThis log, as well as the new ComboFix log."
fromsej (Trainee)
31 August 2007 - 15:51 #21
We can't force anyone, john. :-)
lqnne (Beginner)
31 August 2007 - 18:07 #22
exactly, john :)
johnstigers (Senior Master)
31 August 2007 - 20:05 #23
No, that's up to the asker himself :)
fromsej (Trainee)
31 August 2007 - 23:36 #24
Thanks for the points. :-)