Trojaner? url:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt..htm

Det er nok umuligt at sige om du fik en trojaner eller om antivirus programmet blev snydt af url'en. Se her: http://www.secunia.dk/advisories/11793/

Den eneste måde at blive sikker er at se en HiJackThis log fra maskinen.

Gå ind her og hent Hijackthis.
http://www.spywarefri.dk/vaerktoj.htm
Derefter udpakker du Hijackthis og smider filen i en mappe, oprettet kun til den. Kør filen, scan, save log og kopier logfilen herind, så kigger vi på den. Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

Nu er det godt nok lang tid siden, og jeg synes ikke den ser slem ud!

Logfile of HijackThis v1.99.0
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programmer\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\Programmer\OmniPagePro9\opware32.exe
C:\PROGRA~1\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\Qualcomm\Eudora\Eudora.exe
C:\PROGRA~1\ETRUST~1\ETRUST~1\Vet32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tobulan\Skrivebord\Ny mappe\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPlugin Class - {17598C5F-F014-4D4B-9AD7-E4F8C952FBCB} - c:\programmer\pop-up breaker v1.51\bspb.dll (file missing)
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Agent] C:\Programmer\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmer\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmniPage] C:\Programmer\OmniPagePro9\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: AltaVista Search - file://C:\Programmer\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: Overfør med Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: Translate - file://C:\Programmer\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://messenger.jubii.dk/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/app/toolbar/cfg/altavista.cab?r=NISUCR
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {86CEEAFA-AE5C-11D4-A4C8-00A0C9E79206} (ActiveXDemo Control) - http://www.finjan.com/mcrc/demos/ActiveXDemo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.36.36/tukati.cab
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service - Unknown - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Der kom ikke noget ind, idet loggen sådan set er ren, hvis man ser bort fra messenger plus 3. Den kommer jo med et "sponsorprogram" men det ser ud til at du fravalgte det da du installerede msn plus 3. Så det bliver kun til lidt oprydning:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: IEPlugin Class - {17598C5F-F014-4D4B-9AD7-E4F8C952FBCB} - c:\programmer\pop-up breaker v1.51\bspb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

Genstart normalt og kom med en ny log til kontrol

O2 - BHO: IEPlugin Class - {17598C5F-F014-4D4B-9AD7-E4F8C952FBCB} - c:\programmer\pop-up breaker v1.51\bspb.dll (file missing)
Virker min pop-up stopper, selvom jeg sletter denne?

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
Skal Quicktime ikke bruge den?

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
Hvad?

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
Hvad er det? I C:\Program Files\ ligger der ingen mappe med det navn... Scary!

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
Skal Real Player ikke bruge den?

1. Denne er din popupstopper. Den anden virker ikke.
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll

2. Quicktime har ingen brug for qttask.

3. Efterladenskab fra noget directx installation.

4. Openwares Liveupdate fixer vi altid idet man ikek kan se på den hvad den opdaterer. Så hellere gøre dette manuelt.

5. Realplayer har ingen brug for realsched.

nr 2, 4 og 5 bruger blot unødvendigt ressourcer.
nr 1 og 3 er ren oprydning.

Kan spørgsmålet lukkes ?

Det gør du ved at markere mit navn nede til venstre og trykke accepter-knappen.

Takker for point :)