CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede dillermand Nybegynder
24. oktober 2007 - 21:55 Der er 10 kommentarer

Hijack this log fil

Er der en der kan kigge denne logfil igennem. Jeg får uønskede prompt-popups omkring jeg skal instalere noget der hedder ie defender! Vær venlig også at forklare hvad jeg skal gøre hvis i finder noget uønsket!
Avatar billede dillermand Nybegynder
24. oktober 2007 - 21:56 #1
Glemte lige logfilen!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:04, on 24-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\DR Desktop\DR_DES~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\DOCUME~1\js\LOKALE~1\Temp\_dr_desktop.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\mcafee\msc\mcuimgr.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\js\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <HTML><HEAD><TITLE>StofaNet Signon</TITLE><META HTTP-EQUIV="title" CONTENT="Du er ikke logget p&aring;..."> <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <SCRIPT language="javascript" type="text/javascript">
O1 - Hosts: newurl = false;
O1 - Hosts: var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
O1 - Hosts: function base64encode(str){var out,i,len;var c1,c2,c3;len=str.length;i=0;out="";while(i<len){c1=str.charCodeAt(i++)&0xff;if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt((c1&0x3)<<4);out+="==";break;}c2=str.charCodeAt(i++);if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt((c2&0xF)<<2);out+="=";break;}c3=str.charCodeAt(i++);out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt(((c2&0xF)<<2)|((c3&0xC0)>>6));out+=base64EncodeChars.charAt(c3&0x3F);}//yes Internet Explorer sucks because it can't do a btoa :-/
O1 - Hosts: return out;
O1 - Hosts: }
O1 - Hosts: if(document.location.href != ""){
O1 - Hosts: newurl = document.location.href;
O1 - Hosts: document.location.href = 'http://signon.stofanet.dk/?url='+base64encode(newurl);
O1 - Hosts: }
O1 - Hosts: function redirect(){
O1 - Hosts: if(newurl != false){
O1 - Hosts: window.setTimeout("document.location.href = 'http://signon.stofanet.dk/?url="+base64encode(newurl)+"'",10000);
O1 - Hosts: }
O1 - Hosts: }
O1 - Hosts: </SCRIPT>
O1 - Hosts: <STYLE type="text/css">
O1 - Hosts: h1{font-family: verdana, arial, sans-serif;font-size:20px;color: #000000;font-weight: normal;}
O1 - Hosts: h2{font-family: verdana, arial, sans-serif;font-size: 11px; font-weight: bold;color: #000000;}
O1 - Hosts: body{background-color:#ffffff;margin : 0px;font-family: verdana, arial, sans-serif;font-size: 11px;color: #000000;}
O1 - Hosts: .greyhr {color :#cccccc;background-color :#cccccc;border: 0;height : 1px;}
O1 - Hosts: .whitecontent{background-color:#Cf0566;font-family: verdana, arial, sans-serif;font-size: 11px;color: #ffffff;}
O1 - Hosts: a:link {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:visited {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:hover {color:#C41301; text-decoration:none; }
O1 - Hosts: a:active {color:#C41301; text-decoration:none; }
O1 - Hosts: </STYLE>
O1 - Hosts: </HEAD>
O1 - Hosts: <BODY onload="java script:redirect();">
O1 - Hosts: <table cellpadding=8 summary="Fejlbesked" width="100%" ><tr><td><h1>StofaNet Signon</h1><hr class="greyhr"><br><H2>Du er ikke logget p&aring;...</h2><BR><SCRIPT language="javascript" type="text/javascript">if (newurl != false){ document.write('Du har fors&oslash;gt at tilg&aring; hjemmesiden '+newurl+', men du er ikke logget p&aring;.<br>Du vil automatisk blive viderstillet til StofaNet signon i l&oslash;bet af 10 sekunder. Sker det ikke kan du <a href="http://signon.stofanet.dk/?url='+base64encode(newurl)+'" title="G&aring; til StofaNet signon siden">klikke her for at g&aring; direkte til StofaNet signon<\/a>.');}else{ document.write('Du har fors&oslash;gt at &aring;bne en hjemmeside, men du er ikke logget p&aring;.<br>Du skal f&oslash;rst logge p&aring; via StofaNet signon for at kunne komme ud p&aring; internettet. <a href="http://signon.stofanet.dk" title="G&aring; til StofaNet signon siden">Klik her for at komme til StofaNet signon siden<\/a>.');}</SCRIPT><NOSCRIPT> Du har fors&oslash;gt at &
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programmer\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Promovec.local
O17 - HKLM\Software\..\Telephony: DomainName = Promovec.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Promovec.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Programmer\Fælles filer\Mediafour\MacDriveiTunesPatch.dll
O21 - SSODL: bxsbang - {DEE9E909-1FD7-401D-83F6-A36E275ADDCC} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {96E32303-1FB1-4021-8ADB-1ABC1903A848} - C:\WINDOWS\ocgrep.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 16847 bytes
Avatar billede Computer Hjælp (Gratis) Mester
25. oktober 2007 - 08:18 #2
-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet ~~~ linierne ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\ocgrep.dll
C:\WINDOWS\kthemup.exe
C:\WINDOWS\movctrlswd.dll
C:\WINDOWS\nssfrch.dll
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O21 - SSODL: bxsbang - {DEE9E909-1FD7-401D-83F6-A36E275ADDCC} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {96E32303-1FB1-4021-8ADB-1ABC1903A848} - C:\WINDOWS\ocgrep.dll

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.
Avatar billede dillermand Nybegynder
25. oktober 2007 - 09:58 #3
Hej igen,

Sad i går aftes og prøvede at slette den, med det lykkedes ikke. Jeg har ikke foretaget noget af det du skrev, synes lige at du skulle se denne morgens logfil fra Hijack, da der jo kan være sket ændringer siden i går aftes.

På forhånd tak

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:30, on 25-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\DR Desktop\DR_DES~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Apoint\Apntex.exe
C:\DOCUME~1\js\LOKALE~1\Temp\_dr_desktop.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
c:\programmer\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\js\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <HTML><HEAD><TITLE>StofaNet Signon</TITLE><META HTTP-EQUIV="title" CONTENT="Du er ikke logget p&aring;..."> <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <SCRIPT language="javascript" type="text/javascript">
O1 - Hosts: newurl = false;
O1 - Hosts: var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
O1 - Hosts: function base64encode(str){var out,i,len;var c1,c2,c3;len=str.length;i=0;out="";while(i<len){c1=str.charCodeAt(i++)&0xff;if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt((c1&0x3)<<4);out+="==";break;}c2=str.charCodeAt(i++);if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt((c2&0xF)<<2);out+="=";break;}c3=str.charCodeAt(i++);out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt(((c2&0xF)<<2)|((c3&0xC0)>>6));out+=base64EncodeChars.charAt(c3&0x3F);}//yes Internet Explorer sucks because it can't do a btoa :-/
O1 - Hosts: return out;
O1 - Hosts: }
O1 - Hosts: if(document.location.href != ""){
O1 - Hosts: newurl = document.location.href;
O1 - Hosts: document.location.href = 'http://signon.stofanet.dk/?url='+base64encode(newurl);
O1 - Hosts: }
O1 - Hosts: function redirect(){
O1 - Hosts: if(newurl != false){
O1 - Hosts: window.setTimeout("document.location.href = 'http://signon.stofanet.dk/?url="+base64encode(newurl)+"'",10000);
O1 - Hosts: }
O1 - Hosts: }
O1 - Hosts: </SCRIPT>
O1 - Hosts: <STYLE type="text/css">
O1 - Hosts: h1{font-family: verdana, arial, sans-serif;font-size:20px;color: #000000;font-weight: normal;}
O1 - Hosts: h2{font-family: verdana, arial, sans-serif;font-size: 11px; font-weight: bold;color: #000000;}
O1 - Hosts: body{background-color:#ffffff;margin : 0px;font-family: verdana, arial, sans-serif;font-size: 11px;color: #000000;}
O1 - Hosts: .greyhr {color :#cccccc;background-color :#cccccc;border: 0;height : 1px;}
O1 - Hosts: .whitecontent{background-color:#Cf0566;font-family: verdana, arial, sans-serif;font-size: 11px;color: #ffffff;}
O1 - Hosts: a:link {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:visited {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:hover {color:#C41301; text-decoration:none; }
O1 - Hosts: a:active {color:#C41301; text-decoration:none; }
O1 - Hosts: </STYLE>
O1 - Hosts: </HEAD>
O1 - Hosts: <BODY onload="java script:redirect();">
O1 - Hosts: <table cellpadding=8 summary="Fejlbesked" width="100%" ><tr><td><h1>StofaNet Signon</h1><hr class="greyhr"><br><H2>Du er ikke logget p&aring;...</h2><BR><SCRIPT language="javascript" type="text/javascript">if (newurl != false){ document.write('Du har fors&oslash;gt at tilg&aring; hjemmesiden '+newurl+', men du er ikke logget p&aring;.<br>Du vil automatisk blive viderstillet til StofaNet signon i l&oslash;bet af 10 sekunder. Sker det ikke kan du <a href="http://signon.stofanet.dk/?url='+base64encode(newurl)+'" title="G&aring; til StofaNet signon siden">klikke her for at g&aring; direkte til StofaNet signon<\/a>.');}else{ document.write('Du har fors&oslash;gt at &aring;bne en hjemmeside, men du er ikke logget p&aring;.<br>Du skal f&oslash;rst logge p&aring; via StofaNet signon for at kunne komme ud p&aring; internettet. <a href="http://signon.stofanet.dk" title="G&aring; til StofaNet signon siden">Klik her for at komme til StofaNet signon siden<\/a>.');}</SCRIPT><NOSCRIPT> Du har fors&oslash;gt at &
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programmer\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Promovec.local
O17 - HKLM\Software\..\Telephony: DomainName = Promovec.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Promovec.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Programmer\Fælles filer\Mediafour\MacDriveiTunesPatch.dll
O21 - SSODL: bxsbang - {DEE9E909-1FD7-401D-83F6-A36E275ADDCC} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {96E32303-1FB1-4021-8ADB-1ABC1903A848} - C:\WINDOWS\ocgrep.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 16837 bytes
Avatar billede Computer Hjælp (Gratis) Mester
25. oktober 2007 - 12:11 #4
Altså 'noget' herfra -> http://www.iedefender.com/ (Det er nemlig FUSK!!!)

Ikke at forveksle med M$'s -> http://www.microsoft.com/danmark/athome/security/spyware/software/default.mspx

Derfor ->
http://www.threatexpert.com/report.aspx?uid=47e4183f-9c85-479e-b759-4f91bda83b00

Samme reslutat... Samme løsning... [25/10-2007 08:18:31]
Avatar billede dillermand Nybegynder
25. oktober 2007 - 13:46 #5
Er helt på Herrens mark, forsøgte som du beskrev i første indlæg. Da jeg genstartede efter Avenger fik jeg ingen logfil, men her er logfilen fra Hijack. Kan du/i stadig hjælpe?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:01, on 25-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\DR Desktop\DR_DES~1.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\DOCUME~1\js\LOKALE~1\Temp\_dr_desktop.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\programmer\mcafee\msc\mcuimgr.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Documents and Settings\js\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
server01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} -
C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <HTML><HEAD><TITLE>StofaNet Signon</TITLE><META HTTP-EQUIV="title"
CONTENT="Du er ikke logget p&aring;..."> <META HTTP-EQUIV="Content-Type"
content="text/html; charset=iso-8859-1">
O1 - Hosts: <SCRIPT language="javascript" type="text/javascript">
O1 - Hosts: newurl = false;
O1 - Hosts: var base64EncodeChars =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
O1 - Hosts: function base64encode(str){var out,i,len;var
c1,c2,c3;len=str.length;i=0;out="";while(i<len){c1=str.charCodeAt(i++)&0xff;if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt((c1&0x3)<<4);out+="==";break;}c2=str.charCodeAt(i++);if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt((c2&0xF)<<2);out+="=";break;}c3=str.charCodeAt(i++);out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt(((c2&0xF)<<2)|((c3&0xC0)>>6));out+=base64EncodeChars.charAt(c3&0x3F);}//yes
Internet Explorer sucks because it can't do a btoa :-/
O1 - Hosts: return out;
O1 - Hosts: }
O1 - Hosts: if(document.location.href != ""){
O1 - Hosts: newurl = document.location.href;
O1 - Hosts: document.location.href =
'http://signon.stofanet.dk/?url='+base64encode(newurl);
O1 - Hosts: }
O1 - Hosts: function redirect(){
O1 - Hosts: if(newurl != false){
O1 - Hosts: window.setTimeout("document.location.href =
'http://signon.stofanet.dk/?url="+base64encode(newurl)+"'",10000);
O1 - Hosts: }
O1 - Hosts: }
O1 - Hosts: </SCRIPT>
O1 - Hosts: <STYLE type="text/css">
O1 - Hosts: h1{font-family: verdana, arial, sans-serif;font-size:20px;color:
#000000;font-weight: normal;}
O1 - Hosts: h2{font-family: verdana, arial, sans-serif;font-size: 11px; font-weight:
bold;color: #000000;}
O1 - Hosts: body{background-color:#ffffff;margin : 0px;font-family: verdana, arial,
sans-serif;font-size: 11px;color: #000000;}
O1 - Hosts: .greyhr {color :#cccccc;background-color :#cccccc;border: 0;height : 1px;}
O1 - Hosts: .whitecontent{background-color:#Cf0566;font-family: verdana, arial,
sans-serif;font-size: 11px;color: #ffffff;}
O1 - Hosts: a:link {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:visited {color:#B1005D; text-decoration:none; }
O1 - Hosts: a:hover {color:#C41301; text-decoration:none; }
O1 - Hosts: a:active {color:#C41301; text-decoration:none; }
O1 - Hosts: </STYLE>
O1 - Hosts: </HEAD>
O1 - Hosts: <BODY onload="java script:redirect();">
O1 - Hosts: <table cellpadding=8 summary="Fejlbesked" width="100%"
><tr><td><h1>StofaNet Signon</h1><hr class="greyhr"><br><H2>Du er ikke logget
p&aring;...</h2><BR><SCRIPT language="javascript" type="text/javascript">if (newurl
!= false){ document.write('Du har fors&oslash;gt at tilg&aring; hjemmesiden
'+newurl+', men du er ikke logget p&aring;.<br>Du vil automatisk blive viderstillet
til StofaNet signon i l&oslash;bet af 10 sekunder. Sker det ikke kan du <a
href="http://signon.stofanet.dk/?url='+base64encode(newurl)+'" title="G&aring; til
StofaNet signon siden">klikke her for at g&aring; direkte til StofaNet
signon<\/a>.');}else{ document.write('Du har fors&oslash;gt at &aring;bne en
hjemmeside, men du er ikke logget p&aring;.<br>Du skal f&oslash;rst logge p&aring;
via StofaNet signon for at kunne komme ud p&aring; internettet. <a
href="http://signon.stofanet.dk" title="G&aring; til StofaNet signon siden">Klik her
for at komme til StofaNet signon siden<\/a>.');}</SCRIPT><NOSCRIPT> Du har
fors&oslash;gt at &
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} -
C:\WINDOWS\movctrlswd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
c:\programmer\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf
Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
-startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles
filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue
CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat
7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6]
"C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe]
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles
filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmer\McAfee\SpamKiller\MSKDetct.exe
/uninstall
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL
TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe
Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Programmer\Adobe\Adobe Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} -
http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} -
http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} -
C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger -
{CE000996-A58C-4441-8938-744CD72AB27F} -
C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System
Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Promovec.local
O17 - HKLM\Software\..\Telephony: DomainName = Promovec.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Promovec.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Programmer\Fælles
filer\Mediafour\MacDriveiTunesPatch.dll
O21 - SSODL: ocgrep - {C2A6351A-3684-487D-BD18-4BD0823560CD} - C:\WINDOWS\ocgrep.dll
O21 - SSODL: bxsbang - {62B3BE8B-691C-4486-BD7E-055A647F0957} - C:\WINDOWS\bxsbang.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated -
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -
C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -
C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles
filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles
filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -
c:\PROGRA~1\FÆLLES~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. -
C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NICCONFIGSVC - Dell Inc. -
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation -
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  -
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation -
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection -
file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 16889 bytes
Avatar billede Computer Hjælp (Gratis) Mester
25. oktober 2007 - 14:49 #6
Det bør kunne virke som beskrevet ved [25/10-2007 08:18:31] ???

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ linierne ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\ocgrep.dll
C:\WINDOWS\kthemup.exe
C:\WINDOWS\movctrlswd.dll
C:\WINDOWS\nssfrch.dll

Folders to delete:
C:\WINDOWS\privacy_danger\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.


NB: C:\WINDOWS\privacy_danger linien er jo dukket op i mellemtiden...
Avatar billede ejvindh Ekspert
25. oktober 2007 - 15:37 #7
karise_larry: Jeg tror der skal køres en smitfraudfix på den:
http://siri.geekstogo.com/ChangeLog.php

Den vil godt nok ikke tage det hele, da dette er en ny version, men med lidt held kan den fixe så vidt, at Avenger kan køre ordentligt.
Avatar billede Computer Hjælp (Gratis) Mester
25. oktober 2007 - 16:01 #8
Tak for tipset - havde jeg også i tankerne da \privacy_danger dukkede op ...

-----------------------------

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Til roden af C:\

Genstart i fejlsikret tilstand, hvis du ikke ved hvordan så kig her:
http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Dobbeltklik på C:\Smitfraud.exe. Vælg punkt [2]. Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

Genstart og læg en frisk Hijackthislog herind, loggen fra SmitfraudFix (C:\rapport.txt) og fortæl hvordan computeren kører.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!
Avatar billede dillermand Nybegynder
01. november 2007 - 21:27 #9
Hey, fik en ven til at kigge på det, den var helt galt, tak for hjælpen
Avatar billede dillermand Nybegynder
01. november 2007 - 21:28 #10
:)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:32 Formler der blev væk Af Klaus W i Excel
I går 15:22 Hent array key Af nemlig i PHP
16/0523:46 Er det journalisten Ole Ryborg? Af ErikHg i Fri debat
16/0521:25 find bestemt indehold i et felt Af gylling i Access
16/0518:08 Firefox adresse fra Firefox ned på proceslinjen Af valby i Windows
White papers
Flere white papers »


Premium
Teaser billede
Her er de nye medlemmer af Statens It-råd: Skal vurdere it-projekter på over 15 millioner kroner
Læs mere »
Antallet af anmeldelser af ulovligt indhold på beskedtjenester stiger: Regeringen skubber ansvaret videre til EU og Belgien
Efter masser af kritik af store prisstigninger: VMware åbner for gratis licenser - ændrer i licens-strukturen
Seks store selskaber med på årets image-liste for første gang: Kæmper alle med lav kendskabsgrad
Se alle »
Computerworld
Teaser billede
Nyopdaget sårbarhed rammer næsten alle VPN'er: Gør dem usikre og nærmest ubrugelige
Læs mere »
Om under en uge går det løs: Pc’en bliver aldrig den samme igen
Guide: Sådan surfer du under hackernes radarer – via en VPN-forbindelse
Opdater din browser med det samme: Stor sårbarhed rammer Chrome og en række andre browsere
Se alle »
CIO
Teaser billede
Nu begynder den største GDPR-retssag mod dansk myndighed nogensinde: Står over for million-bøde
Læs mere »
Lukker it-systemerne ned i to uger på grund af implementering: Den bedste måde at sikre, at ingen data går tabt
Sådan har Coop sagt farvel til mainframen - sparer et to-cifret millionbeløb årligt på licenser
Hundredevis af selskaber klager over Microsofts licens-policy: Vi er låst fast og bundet
Se alle »
Job & Karriere
Teaser billede
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Læs mere »
Medarbejderne fik udleveret badetøfler ved indflytningen: Kom med inden for i IBM Danmarks nye topmoderne hovedkontor
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Får du den løn, du fortjener? Få overblikket over hvor meget dine kolleger tjener hver måned
Se alle »
White paper
Teaser billede
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Læs mere »
Whitepaper: Komplet sikkerhedsguide til Kubernetes
SASE: Træf det rette valg – første gang
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »