Deleted user
23 June 2008 - 23:35 There are 15 comments and
1 solution

Can't search on Google and banners are being replaced. HiJack log

Hi Experts,

I have caught a virus that means I can't search on Google, and all my banner ads get changed to "fix your computer" and "you're our number 10.000 visitor".

I normally only run Avast, but I gather from, among others, this thread http://www.eksperten.dk/spm/797656 that I should also have SUPERAntiSpyware installed, is that correct?

Thanks in advance.

-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:27, on 23-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Peter\Skrivebord\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {81fe1f6d-d35a-f918-99c4-7de1800ad1bb} - {bb1da008-1ed7-4c99-819f-a53dd6f1ef18} - C:\WINDOWS\system32\fpdashmb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [e86ba2c0] rundll32.exe "C:\WINDOWS\system32\rbbrirxm.dll",b
O4 - HKLM\..\Run: [BMeb58915c] Rundll32.exe "C:\WINDOWS\system32\bluxkmao.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fpdashmb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6463 bytes
levich Beginner
24 June 2008 - 01:28 #1
Follow the guide here: http://www.eksperten.dk/artikler/1123
Afterwards, post the logs from SuperAntiSpyware, Combofix and hijackthis here.
24 June 2008 - 06:44 #2
(But still use "Trend Micro HijackThis v2.0.2")
Deleted user
24 June 2008 - 13:40 #3
Hi again,
Here are the three logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2008 at 01:19 PM

Application Version : 4.15.1000

Core Rules Database Version : 3489
Trace Rules Database Version: 1480

Scan type      : Complete Scan
Total Scan Time : 00:10:30

Memory items scanned      : 154
Memory threats detected  : 0
Registry items scanned    : 5173
Registry threats detected : 0
File items scanned        : 12587
File threats detected    : 3

Adware.Vundo Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD29490C-8B76-4716-AD4F-D6B374EBBDDF}\RP4\A0000184.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD29490C-8B76-4716-AD4F-D6B374EBBDDF}\RP4\A0000186.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD29490C-8B76-4716-AD4F-D6B374EBBDDF}\RP4\A0000191.DLL


---------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:24, on 24-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Peter\Skrivebord\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {81fe1f6d-d35a-f918-99c4-7de1800ad1bb} - {bb1da008-1ed7-4c99-819f-a53dd6f1ef18} - C:\WINDOWS\system32\fpdashmb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [e86ba2c0] rundll32.exe "C:\WINDOWS\system32\rbbrirxm.dll",b
O4 - HKLM\..\Run: [BMeb58915c] Rundll32.exe "C:\WINDOWS\system32\bluxkmao.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fpdashmb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6516 bytes


---------------------------------------------------------------------------

ComboFix 08-06-20.4 - Peter 2008-06-24 13:27:30.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.842 [GMT 2:00]
Running from: C:\Documents and Settings\Peter\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMeb58915c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lmmSstwa.ini
C:\WINDOWS\system32\lmmSstwa.ini2

.
(((((((((((((((((((((((((  Files Created from 2008-05-24 to 2008-06-24  )))))))))))))))))))))))))))))))
.

2008-06-23 21:18 . 2008-06-23 21:18    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-23 20:08 . 2008-06-23 20:08    91,136    --a------    C:\WINDOWS\system32\bluxkmao.dll
2008-06-23 20:05 . 2008-06-23 20:05    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-23 20:05 . 2008-06-23 20:05    <DIR>    d--------    C:\Documents and Settings\Peter\Application Data\SUPERAntiSpyware.com
2008-06-23 20:05 . 2008-06-23 20:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 19:50 . 2008-06-23 20:10    766    ---hs----    C:\WINDOWS\system32\mxrirbbr.ini
2008-06-23 19:30 . 2001-10-04 17:07    1,733,120    --a--c---    C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-23 19:29 . 2001-10-04 16:45    595,743    --a--c---    C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-06-23 19:28 . 2001-10-04 16:42    634,166    --a--c---    C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-06-23 19:27 . 2001-08-17 20:14    952,007    --a--c---    C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-23 19:26 . 2004-08-27 14:00    1,677,824    --a--c---    C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-06-23 19:25 . 2004-08-26 17:53    1,888,992    --a--c---    C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-23 19:24 . 2001-08-17 21:28    762,780    --a--c---    C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-23 18:54 . 2008-06-23 18:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-06-23 18:38 . 2008-06-23 18:38    <DIR>    d--------    C:\VundoFix Backups
2008-06-22 13:42 . 2005-06-29 22:34    24,576    --a------    C:\WINDOWS\uninjssv.exe
2008-06-20 21:31 . 2008-06-20 21:31    <DIR>    d--------    C:\Documents and Settings\Peter\CDCARDS
2008-06-20 21:31 . 2008-06-20 21:31    <DIR>    d--------    C:\Documents and Settings\Peter\.oces
2008-06-20 21:25 . 2008-06-20 21:25    <DIR>    d--------    C:\Programmer\TDC
2008-06-20 21:25 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-20 21:25 . 2008-06-20 21:25    <DIR>    d--------    C:\Documents and Settings\Peter\Application Data\Cryptomathic
2008-06-15 18:21 . 2008-05-30 14:11    3,850,760    --a------    C:\WINDOWS\system32\D3DX9_38.dll
2008-06-15 18:21 . 2008-05-30 14:11    1,491,992    --a------    C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-15 18:21 . 2008-05-30 14:19    507,400    --a------    C:\WINDOWS\system32\XAudio2_1.dll
2008-06-15 18:21 . 2008-05-30 14:11    467,984    --a------    C:\WINDOWS\system32\d3dx10_38.dll
2008-06-15 18:21 . 2008-05-30 14:18    238,088    --a------    C:\WINDOWS\system32\xactengine3_1.dll
2008-06-15 18:21 . 2008-05-30 14:17    65,032    --a------    C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-15 18:21 . 2008-05-30 14:17    25,608    --a------    C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-15 18:20 . 2008-06-15 18:20    <DIR>    d--------    C:\WINDOWS\Logs
2008-06-13 21:32 .     <DIR>        C:\Programmer\Fælles filer\BioWare
2008-06-11 13:03 . 2008-06-14 20:00    272,256    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:03 . 2008-06-14 20:00    272,256    --a--c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:34 . 2008-06-09 18:34    <DIR>    d--------    C:\Programmer\LitexMedia

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 20:51    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\uTorrent
2008-06-22 19:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-06-03 00:51    ---------    d-----w    C:\Programmer\Microsoft Works
2008-06-01 16:34    ---------    d-----w    C:\Programmer\Steam
2008-05-18 17:16    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\PowerChallenge
2008-05-12 23:45    ---------    d-----w    C:\Programmer\Poker Indicator
2008-05-12 23:20    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\Microgaming
2008-05-12 22:50    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-11 19:53    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\CyberLink
2008-05-08 12:28    202,752    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-05-05 16:28    ---------    d-----w    C:\Programmer\Microsoft.NET
2008-05-05 16:28    ---------    d-----w    C:\Programmer\Microsoft ActiveSync
2008-05-05 16:28    ---------    d-----w    C:\Programmer\Fælles filer\L&H
2008-05-05 15:27    ---------    d-----w    C:\Programmer\Joost
2008-05-05 15:27    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\Joost
2008-04-29 15:36    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\InstallShield Installation Information
2008-04-28 16:12    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-04-27 21:23    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\GetRight
2008-04-27 21:19    ---------    d-----w    C:\Programmer\GetRight
2008-04-27 21:19    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\GetRightToGo
2008-04-27 21:12    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-26 14:13    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\Ahead
2008-04-26 14:08    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-26 14:07    ---------    d-----w    C:\Programmer\Fælles filer\Ahead
2008-04-26 14:07    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-04-26 14:06    ---------    d-----w    C:\Programmer\Nero
2008-04-26 13:15    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-04-26 13:15    ---------    d-----w    C:\Programmer\Windows Live
2008-04-26 13:12    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 17:48    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\Skype
2008-04-24 15:38    ---------    d-----w    C:\Documents and Settings\Peter\Application Data\skypePM
2008-04-24 14:31    66,872    ----a-w    C:\WINDOWS\system32\PnkBstrA.exe
2008-04-24 14:31    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-24 14:31    22,328    ----a-w    C:\Documents and Settings\Peter\Application Data\PnkBstrK.sys
2008-04-24 14:31    2,337,865    ----a-w    C:\WINDOWS\system32\pbsvc.exe
2008-04-24 14:31    107,832    ----a-w    C:\WINDOWS\system32\PnkBstrB.exe
2008-04-24 14:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-22 19:18    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-21 07:03    660,992    ----a-w    C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((  snapshot@2008-06-23_19.49.58.75  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 17:46:07    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-06-24 11:30:04    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-06-23 18:05:10    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-06-23 18:05:10    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-06-24 11:30:09    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_688.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb1da008-1ed7-4c99-819f-a53dd6f1ef18}]
            C:\WINDOWS\system32\fpdashmb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26 86016]
"WinFoxV2"="C:\WINDOWS\system32\WF2K.EXE" [2007-12-10 16:30 1490944]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"e86ba2c0"="C:\WINDOWS\system32\rbbrirxm.dll" [ ]
"BMeb58915c"="C:\WINDOWS\system32\bluxkmao.dll" [2008-06-23 20:08 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2008-04-13 23:26:49 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fpdashmb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Spil\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Spil\\Mass Effect\\MassEffectLauncher.exe"=


R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R4 WINFOXIO;WINFOXIO;C:\WINDOWS\system32\Drivers\WINFOXIO.SYS [2005-03-25 18:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a0fc69-09a4-11dd-95d6-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 13:30:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-06-24 13:33:07 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-24 11:33:04
ComboFix2.txt  2008-06-23 17:50:49

Pre-Run: 24,979,980,288 byte ledig
Post-Run: 24,990,822,400 byte ledig

193    --- E O F ---    2008-06-22 11:20:05
Jensen DK Novice
24 June 2008 - 14:57 #4
With AVG 8.0 you are well covered once your machine has been cleaned.
Deleted user
24 June 2008 - 15:29 #5
OK thanks, noted.

When I start my PC now it complains about C:\WINDOWS\system32\rbbrirxm.dll
and my icons for Avast and Nero have disappeared from the taskbar even though the programs are running in the background..

I still can't search on Google and the banners are being replaced :-(
levich Beginner
24 June 2008 - 20:02 #6
Read all the steps before you do anything.
If you like, save this guide as a text file on the desktop using Notepad.

(1)
Download Vundofix http://vundofix.atribune.org/ and follow the instructions in the section "Normal usage for removal".

(2)
Download ATF-Cleaner here: http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=21
Start the program and choose "select all" and then "empty all".
If you have Firefox, you must first select it in the menu and then "select all" and "empty all".

(3)
Restart the computer in safe mode (press F8 when Windows starts up) and Fix the following lines with HijackThis:
O2 - BHO: {81fe1f6d-d35a-f918-99c4-7de1800ad1bb} - {bb1da008-1ed7-4c99-819f-a53dd6f1ef18} - C:\WINDOWS\system32\fpdashmb.dll (file missing)
O4 - HKLM\..\Run: [e86ba2c0] rundll32.exe "C:\WINDOWS\system32\rbbrirxm.dll",b
O4 - HKLM\..\Run: [BMeb58915c] Rundll32.exe "C:\WINDOWS\system32\bluxkmao.dll",s
O20 - AppInit_DLLs: fpdashmb.dll

(4)
Open "My Computer"; in the menu click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following file(s):
C:\WINDOWS\system32\fpdashmb.dll
C:\WINDOWS\system32\rbbrirxm.dll
bluxkmao.dll
fpdashmb.dll

(5)
Restart the computer normally. Make a new log with HijackThis and post it here.
Deleted user
24 June 2008 - 20:39 #7
Hi there,

Vundofix didn't find anything.
I fixed the things in Hijack.
Could only find and delete bluxkmao.dll (despite showing hidden and operating system files)
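The triage behind step (3), sketched as an added example that is not part of the thread: it parses HijackThis entries and flags the persistence points that stand out in the posted log. The heuristics (GUID-only BHO name, file missing on disk, rundll32 autostart with a one- or two-character export, any AppInit_DLLs value) and all function names are assumptions chosen for this log, not HijackThis rules.

```python
import ntpath
import re

# Entries copied from the HijackThis log posted in the thread (excerpt).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {81fe1f6d-d35a-f918-99c4-7de1800ad1bb} - {bb1da008-1ed7-4c99-819f-a53dd6f1ef18} - C:\WINDOWS\system32\fpdashmb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e86ba2c0] rundll32.exe "C:\WINDOWS\system32\rbbrirxm.dll",b
O4 - HKLM\..\Run: [BMeb58915c] Rundll32.exe "C:\WINDOWS\system32\bluxkmao.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: fpdashmb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
APPINIT_PREFIX = "AppInit_DLLs: "


def parse(log):
    """Split a HijackThis log into (section code, entry body) pairs."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def dll_name(path):
    """Lower-cased file name of a Windows path, minus the '(file missing)' note."""
    return ntpath.basename(MISSING_RE.sub("", path).strip('" ')).lower()


def triage(log):
    """Return (code, original line, dll, reason) for entries needing a manual look."""
    findings = []
    for code, body in parse(log):
        line = f"{code} - {body}"
        if code == "O2" and body.startswith("BHO: "):
            parts = body[len("BHO: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            reasons = []
            if GUID_RE.match(name) or name == "(no name)":
                reasons.append("BHO has no descriptive class name")
            if MISSING_RE.search(path):
                reasons.append("registered file is not on disk")
            if reasons:
                findings.append((code, line, dll_name(path), "; ".join(reasons)))
        elif code == "O4":
            m = RUNDLL_RE.search(body)
            # Heuristic (assumption): legitimate entries here use named exports
            # such as NvStartup; the flagged ones use a single letter.
            if m and len(m.group("export")) < 3:
                findings.append((code, line, dll_name(m.group("dll")),
                                 "rundll32 autostart with a 1-2 character export"))
        elif code == "O20" and body.startswith(APPINIT_PREFIX):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", body[len(APPINIT_PREFIX):].strip()):
                if dll:
                    findings.append((code, line, dll_name(dll),
                                     "DLL injected via AppInit_DLLs"))
    return findings


def suspect_dlls(findings):
    """Sorted, de-duplicated DLL names referenced by the flagged entries."""
    return sorted({dll for _code, _line, dll, _reason in findings if dll})


def shared_dlls(findings):
    """DLLs registered under more than one kind of persistence point."""
    seen = {}
    for code, _line, dll, _reason in findings:
        if dll:
            seen.setdefault(dll, set()).add(code)
    return sorted(dll for dll, codes in seen.items() if len(codes) > 1)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for _code, line, dll, reason in results:
        print(f"{line}\n    -> {dll}: {reason}")
    print("DLLs to locate on disk:", suspect_dlls(results))
    print("Registered in more than one place:", shared_dlls(results))
```

A flagged entry is a prompt for manual review, not a verdict: on another machine, legitimate software can trip the same heuristics.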

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:51, on 24-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Peter\Skrivebord\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6176 bytes
Deleted user
24 June 2008 - 20:57 #8
Now I can search again!!
The banners are normal and Windows isn't complaining about DLL files again!

Thanks a million, Levich, you are heaven-sent; I couldn't face formatting again.

Is there any more dirt in my log?
Just post an answer, so you can get your points :-)
24 June 2008 - 21:26 #9
Psssst:
Remember M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da (remember to choose the language) - download it to a suitable location and install the package FROM THERE - it will probably take a while ...
Deleted user
24 June 2008 - 21:55 #10
Hehe, I just checked whether my Windows Update was working again, and it installed SP3 right away..

I had seen your psst messages in other threads, so I knew it was important :-)

Thanks.
levich (Beginner)
24 June 2008 - 22:29 #11
Fix this line with HijackThis as well:
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
Deleted user
24 June 2008 - 23:23 #12
Hi,

Many thanks, I have just removed the last line you mentioned.
Here is the final Hijack log, for good measure :-)

Note SP3 :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:07, on 24-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Peter\Skrivebord\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6357 bytes
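The before/after comparison this thread does by eye, as an added example (not part of the original posts and not HijackThis code): it parses two scans, flags orphaned `(no file)` entries such as the BHO levich pointed out, and lists what changed between scans. The function names are hypothetical, and the sample lines are short excerpts from the 20:34 and 23:21 logs above.

```python
import re

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries whose registry key remains but whose target file is gone."""
    return sorted(e for e in entries if e[1].endswith("(no file)"))

def diff_scans(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

# Excerpt of the 20:34 scan (before the last fix and SP3).
BEFORE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
"""

# Excerpt of the 23:21 scan (after the fix and SP3).
AFTER = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for label, items in (("orphaned before", orphaned(parse_entries(BEFORE))),
                         ("removed", removed), ("added", added)):
        for section, detail in items:
            print(f"{label}: {section} - {detail}")
```

An entry that appears only in the later scan is not automatically suspicious; here the new O9 button points at `xpnetdiag.exe` and shows up in the first scan taken after SP3 was installed.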
Deleted user
24 June 2008 - 23:27 #13
I don't understand... I have clicked Accept many times, in both Firefox and IE, but you aren't getting the points..
Deleted user
24 June 2008 - 23:29 #14
I am getting
Deleted user
24 June 2008 - 23:32 #15
I am getting what???

Now I have figured out that you have to click on the name and then press accept..
So now you have got your reward :-)

Thanks once again for the help, and with all due respect, I hope it won't be necessary to write in this category again ;-)
levich (Beginner)
25 June 2008 - 00:14 #16
No, it is annoying to have to spend time removing viruses/spyware.