Help with HijackThis log
Hi there. First of all, this is a really great site you run here. It's incredible how MUCH help one can get. Thank you.
My problem is as follows:
I have been getting some strange "virus warnings - helper programs - etc.", but of course NONE of it helps. I know they are "scam" programs :) And I actually don't really know how I got them in the first place.
Anyway, I have downloaded and run SUPERAntiSpyware, Dr.Web and HijackThis, and they did find quite a bit. I have now done what I worked out from reading up, and would like help with the log here.
Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 12:23:25, on 12-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Installeret\Tweak-XP Pro\popup.exe
C:\Installeret\Tweak-XP Pro\AdBlocker.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Skrivebord\Download\Anti & spyprogrammer\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskespil.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskespil.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spillekrogens Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E990487-A960-4D16-AFF8-72642DD70511} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Installeret\Tweak-XP Pro\popup.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Installeret\Tweak-XP Pro\AdBlocker.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
mirc.#xe C:\Download\mIRC Program.mIRC.612 Renamed.
mirc.#xe C:\mIRC Program.mIRC.617 Renamed.
A0019430.#ll C:\System Volume Information\_restore{7FD72997-4A4D-4F38-9F6C-CC7ED642FD63}\RP156 Adware.FastSearch Renamed.
A0021978.#xe C:\System Volume Information\_restore{7FD72997-4A4D-4F38-9F6C-CC7ED642FD63}\RP172 Program.mIRC.612 Renamed.
SUPERAntiSpyware Scan Log
Generated 08/12/2006 at 12:14 PM
Core Rules Database Version : 3047
Trace Rules Database Version: 1097
Memory threats detected : 1
Registry threats detected : 39
File threats detected : 14
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\MLLJK.DLL
C:\WINDOWS\SYSTEM32\MLLJK.DLL
HKLM\Software\Classes\CLSID\{2E990487-A960-4D16-AFF8-72642DD70511}
HKCR\CLSID\{2E990487-A960-4D16-AFF8-72642DD70511}
HKCR\CLSID\{2E990487-A960-4D16-AFF8-72642DD70511}\InprocServer32
HKCR\CLSID\{2E990487-A960-4D16-AFF8-72642DD70511}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E990487-A960-4D16-AFF8-72642DD70511}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mlljk
Browser Hijacker.BestSafetyGuide
HKLM\Software\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}\InprocServer32
HKCR\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4}\InprocServer32#ThreadingModel
C:\WINDOWS\system32\ixt0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\thomas munkø@indexstats[1].txt
C:\Documents and Settings\Administrator\Cookies\thomas munkø@www.winantivirus[1].txt
C:\Documents and Settings\Administrator\Cookies\thomas munkø@stats1.reliablestats[1].txt
C:\Documents and Settings\Administrator\Cookies\thomas munkø@ad1.emediate[1].txt
C:\Documents and Settings\Administrator\Cookies\thomas munkø@dk.winantivirus[2].txt
C:\Documents and Settings\Administrator\Cookies\thomas munkø@winantivirus[1].txt
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\WINDOWS\system32\stera.job
Trojan.Security Toolbar
C:\Documents and Settings\Administrator\Foretrukne\Antivirus Test Online.url
Trojan.AtmClk
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#kernel32.dll [ C:\WINDOWS\system32\isnotify.exe ]
Malware.Notifier
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#ishost.exe [ ishost.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#issearch.exe [ issearch.exe ]
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\Prefetch\ISNOTIFY.EXE-2D5DE1A8.pf
Malware.AntiVirusGolden
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\CNihdgl
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Control
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\doFqRkrAyn
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\ftruhmJbBbmxj
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\InprocServer32
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\InprocServer32#ThreadingModel
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\MiscStatus
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\MiscStatus\1
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\ProgID
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Programmable
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\qSGdcA
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\ToolboxBitmap32
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\TypeLib
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\Version
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\VersionIndependentProgID
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\xczgjsdCTdipr
HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\xoqxpqvXwL
Trojan.Malware
C:\Documents and Settings\Administrator\Skrivebord\Download\Anti & spyprogrammer\mw_install.exe
Trojan.Unknown Origin
C:\WINDOWS\system32\ot.ico
This is a combination of Dr.Web, SUPERAntiSpyware and HijackThis.
And right now my PC seems to be working, because nothing is popping up or anything.
Again, many thanks for the help.
Since I'm new here, I don't know how many points I should give, so is 100 enough?
Regards, Thomas