stinefreja (Beginner)
27 February 2008 - 10:51. There are 6 comments

Hijack log

I am in the process of running some virus programs, as recommended in here, against w32.myzor.FK@yf, and have now run Hijack. Is there anyone who can help with what I should choose to react to in the log I have come up with? It looks as follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:43:33, on 27-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SpyNoMore\SNM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmer\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Hans Tornemand\Skrivebord\Til rensning af computer\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton-værktøjslinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNM] C:\Programmer\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmer\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmer\Mahjong Escape - Ancient Japan\Images\armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
stinefreja (Beginner)
27 February 2008 - 12:41 #1
Here are the three other logs that one is required to send here. I hope there is someone on the site who can help me get rid of the virus.

Log from Rootchk:
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
27-02-2008 12:02:16,92

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:02:17
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0

Log from SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2008 at 10:22 AM

Application Version : 3.7.1018

Core Rules Database Version : 3410
Trace Rules Database Version: 1402

Scan type      : Complete Scan
Total Scan Time : 00:50:42

Memory items scanned      : 548
Memory threats detected  : 0
Registry items scanned    : 5950
Registry threats detected : 36
File items scanned        : 36890
File threats detected    : 79

Trojan.Media-Codec/V4
    HKLM\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel
    C:\PROGRAMMER\NETPROJECT\SBMDL.DLL
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Trojan.Smitfraud Variant/IE Anti-Spyware
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
    C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url

Trojan.Media-Codec
    HKU\S-1-5-21-1481665415-1287313580-3591974245-1006\Software\Internet Security
    C:\Programmer\Perfect Codec

Adware.Zango Toolbar/Hb
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid32
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib#Version

Trojan.DNSChanger-Codec
    HKCR\CLSID\E404.e404mgr
    HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij
    HKCR\E404.e404mgr
    HKCR\E404.e404mgr\CLSID
    HKCR\E404.e404mgr\CurVer
    HKCR\E404.e404mgr.1
    HKCR\E404.e404mgr.1\CLSID
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.Tracking Cookie
    C:\Documents and Settings\Hans Tornemand\Cookies\hans_tornemand@adtech[1].txt
    C:\Documents and Settings\Hans Tornemand\Cookies\hans_tornemand@track.adform[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ad.fenopy[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ad.ofir[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@adfarm1.adition[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@adinterax[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ads.allyourfacearebelongto[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ads.pubmatic[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ads2.jubii[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@azjmp[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@banner.fynskemedier[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@banner.gratis-ting[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@countercentral[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@divx.adbureau[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@findboliger[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@findvej[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@focalex[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@indexstats[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ljohnstone.freestats[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@media.mtvnservices[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@ncom.banneradministration[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@pulz.banneradministration[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@server.cpmstar[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@smileycentral[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@stat.postdanmark[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@stats[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@videoegg.adbureau[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle tornemand@www.clickmanage[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@ad.lookery[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@ad.yieldmanager[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@ad1.emediate[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@adbrite[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@adfair[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@ads.adbrite[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@ads.revsci[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@adserver.banneradministration[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@adserver.mediarun[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@advertising[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@atdmt[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@atwola[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@casalemedia[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@click.tdc-online[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@doubleclick[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@dtftravel.112.2o7[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@e2.emediate[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@eas.apm.emediate[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@eas4.emediate[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@freefind[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@indextools[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@overture[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@qxl.adservinginternational[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@qxl.banneradministration[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@rocku.adbureau[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@socialmedia[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@specificclick[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@track.adform[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@track.webtrekk[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@tracking.3gnet[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@tracking.notabenestats[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@tradedoubler[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@traffictracker[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@tribalfusion[1].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@www.burstnet[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@www.googleadservices[2].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@www.googleadservices[3].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@www.googleadservices[4].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@www.googleadservices[5].txt
    C:\Documents and Settings\Helle Tornemand\Cookies\helle_tornemand@xiti[1].txt

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\HANS TORNEMAND\FORETRUKNE\ONLINE SECURITY TEST.URL

Trojan.Media-Codec/V5
    C:\PROGRAMMER\NETPROJECT\SBSM.EXE
    C:\PROGRAMMER\NETPROJECT\WAUN.EXE
    C:\WINDOWS\Prefetch\SBSM.EXE-286736D7.pf

Adware.E404 Helper/Variant-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BDBBC4E5-340F-44E9-B5C7-0940D7A1A3AD}\RP217\A0023441.DLL

And the log from ComboFix:

ComboFix 08-02-25.3 - Hans Tornemand 2008-02-27 12:07:04.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.389 [GMT 1:00]
Running from: C:\Documents and Settings\Hans Tornemand\Skrivebord\Til rensning af computer\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\Helper
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-01-27 to 2008-02-27  )))))))))))))))))))))))))))))))
.

2008-02-27 09:22 . 2008-02-27 09:31    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-27 09:22 . 2008-02-27 09:22    <DIR>    d--------    C:\Documents and Settings\Hans Tornemand\Application Data\SUPERAntiSpyware.com
2008-02-27 09:22 . 2008-02-27 09:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:13 . 2008-02-27 09:13    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-16 14:15 . 2008-02-16 14:25    <DIR>    d--------    C:\Programmer\SpyNoMore
2008-02-16 14:15 . 2008-02-16 14:15    1,152    --a------    C:\WINDOWS\system32\windrv.sys
2008-02-16 12:47 . 2008-02-16 12:55    <DIR>    d--------    C:\Documents and Settings\Hans Tornemand\.housecall6.6
2008-02-16 12:47 . 2008-02-16 12:47    102,664    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-14 14:42 . 2008-02-14 14:42    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-02-14 12:28 . 2008-02-16 12:34    <DIR>    d--------    C:\Programmer\NoAdware5.0
2008-02-14 11:02 . 2008-02-27 10:26    <DIR>    d--------    C:\Programmer\NetProject

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 11:06    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-27 09:44    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-27 08:22    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-16 12:50    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 12:13    ---------    d-----w    C:\Programmer\Google
2008-01-15 14:43    ---------    d-----w    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-01-15 08:54    10,537    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28    706    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 19:20    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-01-14 19:18    ---------    d-----w    C:\Programmer\Windows Live
2008-01-14 19:17    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 17:32    23,904    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:54    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51    179,584    ------w    C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:13    3,592,192    ------w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59    70,656    ------w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59    625,664    ------w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59    161,792    ------w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-05 18:42    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41    550,912    ------w    C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-10-20 17:44    552    ----a-w    C:\Documents and Settings\Hans Tornemand\Application Data\wklnhst.dat
2005-09-24 06:49    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2006-10-21 00:21    22    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 22:00 15360]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 18:19 57344]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-21 15:16 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46 761948]
"QPService"="C:\Programmer\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400]
"HP Software Update"="C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 10:38 131072]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2006-01-26 15:18 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 19:22 77824]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 18:19 40960]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SNM"="C:\Programmer\SpyNoMore\SNM.exe" [2007-11-15 12:02 1212368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 22:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Pavilion Webcam Tray Icon.lnk - C:\Programmer\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-10-20 19:11:47 98304]
HP Photosmart Premier Hurtig start.lnk - C:\Programmer\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=

R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-09 14:50]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 15:49]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 06:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 09:32:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Kør fuld systemskanning - Hans Tornemand.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe????????? ???@????????? ?????@?????hV????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 12:09:52
ComboFix-quarantined-files.txt  2008-02-27 11:09:49
.
2008-02-27 06:32:17    --- E O F --- 

I hope there is one or more people who can help me with the problem/problems!!

Best regards
Stine Freja
27 February 2008 - 21:55 #2
ComboFix + Superantispyware have fixed certain unwanted elements!

So how is the PC running now?
stinefreja (Beginner)
01 March 2008 - 18:44 #3
The PC is running really well, and that virus box no longer comes up when you go online. I am just still in doubt about whether I can send emails from this computer, because I am afraid that something is lying in wait that I will end up passing on to others??

In using the computer it seems that there is no longer anything there, but I just don't quite know how to interpret those logs.
01 March 2008 - 19:35 #4
Just check that the folder
C:\Programmer\NetProject
has been deleted - if not, delete it completely, including any contents!!!
01 March 2008 - 19:35 #5
There is no more 'dirt' according to your log...

You are welcome another time...

After a trip like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
01 March 2008 - 19:36 #6
Also take a run with CCleaner, which you already have. Including the item [Problemer/Register] ...