Søg
Avatar billede larsjansen Nybegynder
12. september 2008 - 20:39 Der er 21 kommentarer og
2 løsninger

Hijack log

Hejsa

Fik lidt virus noget, og tog en Hijack this log...
Da jeg før jeg fået hjælp til at fjerne virus eks. via denne log prøver jeg nu igen...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:04, on 12-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
E:\Programmer\Ad Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Dualview Server\dualviewsvc.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Programmer\Microsoft Security Adviser\msctrl.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft Security Adviser\msavsc.exe
C:\Programmer\Microsoft Security Adviser\msscan.exe
C:\Programmer\Microsoft Security Adviser\msiemon.exe
C:\Programmer\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\Internet Explorer\iexplore.exe
E:\Programmer\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programmer\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programmer\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [msctrl.exe] C:\Programmer\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Programmer\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Programmer\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Programmer\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmer\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Programmer\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Programmer\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Programmer\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Programmer\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmer\Microsoft Security Adviser\msfw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programmer\Ad Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:\Programmer\Dualview Server\dualviewsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programmer\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Programmer\Smart Watchdog\SWDsvc.exe

--
End of file - 9041 bytes




Nogen der kan se noget der skal væk??
Avatar billede johnstigers Seniormester
12. september 2008 - 20:50 #1
Fix:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Genstart og ny log - kører videre med rens efter genstart!
Avatar billede larsjansen Nybegynder
12. september 2008 - 21:10 #2
takker :)
Avatar billede levich Nybegynder
12. september 2008 - 21:18 #3
john_stigers -> den linje hører til Windows Live Messenger og skal ikke "fix'es".
Avatar billede johnstigers Seniormester
12. september 2008 - 21:28 #4
Tak - kunne ikke finde noget på den :)

larsjansen hvis du har fixet den, så kan du gendanne ved at starte hijackthis og klikke på "open the misc tools section" - klik på backups - marker den fixede line og klik restore.

Download "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer programmet, start det, lav "fuld systemscanning" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind.

levich - du render ingen steder for skal lige have en erfaren person med til tydning af loggen - in case :)
Avatar billede larsjansen Nybegynder
12. september 2008 - 21:48 #5
Kigger lige på det :)

Svarer når den har scannet færdig
Avatar billede Computer Hjælp (Gratis) Mester
12. september 2008 - 21:49 #6
Mht [Microsoft Security Adviser] ->
http://www.castlecops.com/s14990-Microsoft_Security_Adviser.html
http://www.bleepingcomputer.com/forums/topic96521.html
http://www.pcreview.co.uk/startup/msavsc.exe/Microsoft%20Security%20Adviser.php
http://spywarefiles.prevx.com/RRHDFG042501611/MSAVSC.EXE.html
... er vist ikke såååå sund ?
Skal du vide mere ?
Avatar billede larsjansen Nybegynder
12. september 2008 - 21:52 #7
Mens vi venter har en af jer måske et bud på hvorfor jeg ikke kan ændre min pauseskærm længere? :)

Har lige installeret SP3, og i forbindelse med den her virusting jeg har fået har jeg fået den der bluescreen som pauseskærm, som faker en fejl på harddisken..
den pauseskærm står ikke til at ændre, da menuen for pauseskærm ikke længere er der :S (højreklikker på skrivebord, egenskaber..) her har jeg kun 3 faneblade nu.

Mystisk ik?
Avatar billede larsjansen Nybegynder
12. september 2008 - 21:53 #8
karise - er det ting jeg skal fixe i hijack?
Avatar billede levich Nybegynder
12. september 2008 - 21:57 #9
larsjansen -> start med at scanned med "Malwarebytes' Anti-Malware".

Hvis den ikke fjernet virus/spyware, så skal du bagefter lave en manuel fjernelse som omfatter at du skal "fixe" disse linjer med hijackthis:
O4 - HKLM\..\Run: [msctrl.exe] C:\Programmer\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Programmer\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Programmer\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Programmer\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmer\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Programmer\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Programmer\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Programmer\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Programmer\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmer\Microsoft Security Adviser\msfw.exe

men start med scanning og vis os en ny hijackthis-log bagefter.
Avatar billede larsjansen Nybegynder
12. september 2008 - 21:59 #10
Okay. kan se den har fundet 25 filer indtil nu. men det tager vidst noget tid at lave en fuld scan
Avatar billede Computer Hjælp (Gratis) Mester
12. september 2008 - 22:05 #11
(Det med manglende "Pauseskærm" faneblad skal vi nok fixe bagefter. Det trix er et led i "banditernes" ballade!!!)
Avatar billede larsjansen Nybegynder
12. september 2008 - 22:13 #12
Okay. puuh det tagar lang tid at scanne
Avatar billede levich Nybegynder
12. september 2008 - 22:31 #13
Det går rigtig godt her. Jeg var lidt for hurtig - hvis det bliver nødvendigt at fixe noget med hijackthis, så skal du skal IKKE fixe denne linje:
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
Avatar billede larsjansen Nybegynder
13. september 2008 - 08:24 #14
Malwarebytes' Anti-Malware 1.28
Database version: 1142
Windows 5.1.2600 Service Pack 3

13-09-2008 07:04:24
mbam-log-2008-09-13 (07-04-24).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 150998
Tid tilbagelagt: 41 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 5
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 15
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 1
Inficerede Filer: 22

Inficerede Hukommelses Processer:
C:\Programmer\Microsoft Security Adviser\msctrl.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Programmer\Microsoft Security Adviser\msavsc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Programmer\Microsoft Security Adviser\msscan.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Programmer\Microsoft Security Adviser\msiemon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Programmer\Microsoft Security Adviser\msfw.exe (Trojan.Agent) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Programmer\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\Microsoft Security Adviser\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\msavsc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\msctrl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\msfw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\msiemon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\msscan.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47A3F767-07FC-45E7-BDF4-2F5D5D5391CF}\RP0\A0000003.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47A3F767-07FC-45E7-BDF4-2F5D5D5391CF}\RP0\A0000004.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\mssadv_sp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcen0j0er7p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcen0j0er7p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcen0j0er7p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\Lokale indstillinger\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\Lokale indstillinger\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jansen\Lokale indstillinger\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Så fik jeg loggen. Jeg slettede de inficerede filer den fandt.

Undskyld ventetiden, men blev forhindret i at komme på mere i går aftes.

Jeg har dog stadig problemer, f.eks. vil min computer ikke åbne billedfiler?
(har dog fået min pauseskærms faneblad tilbage)
Avatar billede larsjansen Nybegynder
13. september 2008 - 08:29 #15
Nu ser min hijack this således ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31:39, on 13-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
E:\Programmer\Ad Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Dualview Server\dualviewsvc.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\Internet Explorer\iexplore.exe
E:\Programmer\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programmer\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programmer\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Programmer\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programmer\Ad Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:\Programmer\Dualview Server\dualviewsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programmer\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Programmer\Smart Watchdog\SWDsvc.exe

--
End of file - 8027 bytes
Avatar billede Computer Hjælp (Gratis) Mester
13. september 2008 - 09:37 #16
"...computer ikke åbne billedfiler?..." hvad mener du her ?
Avatar billede levich Nybegynder
13. september 2008 - 10:26 #17
Det ser ud til at alle vira/spyware er fjernet. Mht. billedfiler, så gætter jeg på at du har installeret et program som du bruger til at se billeder med. Hvis det er tilfældet, så foreslår jeg at du geninstallerer det program.
Avatar billede johnstigers Seniormester
13. september 2008 - 10:33 #18
Det var dog...
Hvorfor så jeg ikke den Microsoft Security Adviser???

Nå man godt der kom friske kræfter til :)
Avatar billede larsjansen Nybegynder
13. september 2008 - 11:18 #19
Jeg hat ikke installeret nogen billedprogrammer, andet ed adobe serien.. og den burde da ik gå ind og gøre at jeg ik kan dobbeltklilkke alm. billeder og få dem vist i windows billed fremvisning?

Det er alm. billedfiler som jpg osv, uanset destination eller oprindelse, at når jeg dobbeltklikker dem, sker der intet :)
Avatar billede larsjansen Nybegynder
13. september 2008 - 12:44 #20
NVM, jeg har klaret den :) Måtte genregistrere windows billedfremviser :)

ved ikke lige hvordan prodecuren er når flere hjælper, men eftersom john var den første synes jeg det er fair. :)
Avatar billede levich Nybegynder
13. september 2008 - 14:54 #21
Jeg foreslår at vi alle lægger et svar, og så kan du fordele de 60 point til os som du nu ønsker.
Avatar billede larsjansen Nybegynder
13. september 2008 - 15:29 #22
ja det lyder mere fair :) vidste jeg ikke man kunne :) Men det vil jeg så gøre
Avatar billede Computer Hjælp (Gratis) Mester
13. september 2008 - 15:45 #23
Ping...
(Det var et - friske kræfter ' SS* - et [svar]...)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
27/1222:02 Låse brugt iPad op Af drstein i iOS, iPhone & iPad
27/1219:21 Hvor finder jeg en oversigt over mine spørgsmål Af KurtG i Hjælp og fejl
27/1211:31 TP-Link Wifi extender opsat som accesspoint giver 50% up- og download, Af Uvanga i Wifi
26/1213:05 Hvorfor bliver tiff-filer større ved konvertering til samme format Af KurtG i Billedbehandling
23/1221:36 Gøre Ikonerne lidt større i proceslinjen (Windows 10) Af Ikke-ekspert i Windows
White papers
Flere white papers »