CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede kanabba Nybegynder
04. januar 2006 - 17:46 Der er 5 kommentarer og
1 løsning

Hijack this

Hej eksperter,

Har fulgt alle råd iflg. http://www.eksperten.dk/artikler/755 fra fromsej, og har fået følgende logfiler... Blev ramt hårdt og hurtigt af Spysheriff i går.

Håber i kan hjælpe.. På forhånd tak....


Here goes:







-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 129043
Infected objects found: 57
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 56
Objects renamed: 3
Objects moved: 0
Objects ignored: 0
Scan speed: 162 Kb/s
Scan time: 01:35:31
-----------------------------------------------------------------------------



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            17:06:04, 04-01-2006
+ Report-Checksum:        4AC85109

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{12E919BC-C70F-432B-B831-1180DE734505} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{795EB484-BD6D-4125-93DB-D6FF015325E9} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\VacPro.internazionale_ver4 -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\VacPro.internazionale_ver4\Clsid -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO\HomePage -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned with backup
    HKU\S-1-5-21-220523388-688789844-854245398-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-220523388-688789844-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
    [456] C:\WINDOWS\system32\msupdate32.dll -> Backdoor.Delf.ald : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@counter4.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@ehg-accuweather.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@ehg-nokiafin.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@sel.as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\xx\Cookies\xx@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\Cookies\xx@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\Cookies\xx@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\Cookies\xx@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\Cookies\xx@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\Cookies\xx@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\qvxt2.game -> Downloader.Small.aqu : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\qvxt3.game -> Downloader.Small.aqu : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\vx1.game -> Downloader.Small.aqu : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\vx3.game -> Downloader.Small.aqu : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\vxt1.game -> Downloader.Small.cds : Cleaned with backup
    C:\Documents and Settings\xx\Lokale indstillinger\Temp\vxt3.game -> Downloader.Small.aqu : Cleaned with backup
    C:\Documents and Settings\xx\Skrivebord\Windows Keygens\Rock XP 2.0.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned with backup
    C:\Programmer\MyWay\myBar\2.bin\MYBAR.#LL -> Spyware.MyWay : Cleaned with backup
    C:\RECYCLER\NPROTECT\00439202.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\RECYCLER\NPROTECT\00439209.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\RECYCLER\NPROTECT\00439375.EXE -> Downloader.Small.aqu : Cleaned with backup
    C:\RECYCLER\NPROTECT\00439384.EXE -> Downloader.Small.aqu : Cleaned with backup
    C:\WINDOWS\inet20001\3.00.13.#ll -> Spyware.Ihbo : Cleaned with backup
    C:\WINDOWS\system32\msupdate32.dll -> Backdoor.Delf.ald : Cleaned with backup
    C:\WINDOWS\system32\qvxgamet2.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\WINDOWS\system32\qvxgamet3.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\WINDOWS\system32\vxgame1.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\WINDOWS\system32\vxgame3.exe -> Downloader.Small.aqu : Cleaned with backup
    C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Small.cds : Cleaned with backup
    C:\WINDOWS\system32\vxgamet3.exe -> Downloader.Small.aqu : Cleaned with backup


::Report End

-----------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 17:37:55, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\xx\Skrivebord\ss\hijackthis.exe
C:\Programmer\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CXMon] "C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.carprotect.dk/fiat/ScriptX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede arlet Juniormester
04. januar 2006 - 17:46 #1
tjekker den nu
Avatar billede arlet Juniormester
04. januar 2006 - 17:50 #2
De scannere har lavet et kæmpe arbejde.., og der er kun en lille rest tilbage..

Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

genstart og ny hijackthis log(hvis filen stadig er der, så prøv at starte op i fejlsikret og fix den derfra. Når filen er væk vil jeg gerne se en ny hijackthis
Avatar billede kanabba Nybegynder
04. januar 2006 - 17:52 #3
Det var godt nok hurtig respons.... Jeg gør lige som du har sagt og vender tilbage.... Tak for hjælpen...
Avatar billede kanabba Nybegynder
04. januar 2006 - 18:04 #4
Så er der en ny log:

Logfile of HijackThis v1.99.1
Scan saved at 17:59:38, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Palm\HOTSYNC.EXE
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\xx\Skrivebord\ss\hijackthis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\HP\hpcoretech\comp\hpdarc.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CXMon] "C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.carprotect.dk/fiat/ScriptX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede kanabba Nybegynder
04. januar 2006 - 18:18 #5
Er på vej ud af døren... Smider lige dine velfortjente points for superhurtigt svar, men hører meget gerne, hvis der er et eller andet i loggen der er overset...

Endnu engang... Tusind tak for hjælpen :o)
Avatar billede arlet Juniormester
04. januar 2006 - 21:43 #6
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan se her : www.arlet.dk/pakke.htm
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 12:26 4 GB Ram er blevet væk Af Marianne Tidemann i PC
I dag 12:24 strømforsyning Af Shamanji i Andet software
I går 20:17 vlc viser kegle-icon Af casablanca i Andet software
I går 14:01 Oprette / gemme et par fotos i en mappe - Samsung Galaxy A 14 5G ? Af Ikke-ekspert i Mobiltelefoner
I går 11:14 Bærbar til Sims 3? Af idamarie i PC
White papers
Flere white papers »


Premium
Teaser billede
Tidligere Tradeshift-CEO Christian Lanng skyder tilbage efter sexslave-anklager: Deler dagbøger og private beskeder
Læs mere »
”Det største it-nedbrud i historien” lammede store dele af verden: CrowdStrike giver nu kunder en kop kaffe som undskyldning
Top-CIO Rasmus Lundgaard Pedersen balancerer hele tiden mellem to poler
5.000 flyafgange i verden blev aflyst som følge af Crowdstrike-nedbrud: Vil Københavns Lufthavn søge erstatning?
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Læs mere »
Opdag fordelene ved cloud-baseret backup og recovery
Vejen væk fra WAN: Sådan skifter du til en moderne infrastruktur
Sådan høster du forretningsfordelene ved Internet of Things
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »