Hjælp win32.tips
Sidst jeg kørte en virus check fand den de 2 og kunne ikke fjerne dem jeg har så prøvet mange ting kan i se på en log hvordan jeg står ??Resultat: 2 malware blev fundet
Packed.Win32.Tibs (virus)
* C:\WINDOWS\system32\internetoloper.exe
* C:\WINDOWS\system32\phqghume.exe
Logfile of HijackThis v1.97.7
Scan saved at 08:40:09, on 07-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure\Anti-Virus\fsrw.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft Hardware\Mouse\point32.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\programmer\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Programmer\F-Secure\FSGUI\fsguidll.exe
C:\Programmer\PerSono\PersTray.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mario1\Skrivebord\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmer\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Perstray.lnk = C:\Programmer\PerSono\PersTray.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Block this popup - C:\Programmer\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Programmer\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Programmer\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: IE Shield (HKLM)
O9 - Extra 'Tools' menuitem: IE Shield... (HKLM)
O9 - Extra button: Betway.com Poker (HKLM)
O9 - Extra button: EmpirePoker (HKLM)
O9 - Extra 'Tools' menuitem: EmpirePoker (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\f-secure\fsps\program\fslsp.dll
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://81.19.245.211/system/SysREG_DK.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095284193718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Både mig og min kærste brruger vores dankort meget på nettet + netbank og jeg spiller tidt poker hvor jeg også bruger mit visa.
Håber der er en der kan hjælpe mig selv om jeg ikke er det vildeste til computer. På forhånd mange tak.