CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede JohnVamos Praktikant
08. juni 2007 - 08:27 Der er 15 kommentarer og
1 løsning

Browser popuper op

Hejsa derude !!

Jeg har fået et problem som består i at min browser heletiden popper op med en ny side!!  Hvor og hvordan slipper jeg af med det problem ??  har kørt både virus scan og spyware,  men intet har hjulpet!!  har anvendt..  Avg antivirus/spyware, Bit defender, CCleaner.. Så hvad nu??

Venlig hilsen John

Ps siden der popper er den samme hver gang !!
http://url.cpvfeed.com/cpv.jsp?p=110830&ip=80.163.130.142&url=http%3A%2F%2Fwww.eksperten.dk%2Flist.phtml%3Fmethod%3Dand%26excerpt_on%3D1%26find%3Dexplore%2Bpup%2Bup&selectedKeyword=ron&selectedListingId=6432785
Avatar billede peet-49 Novice
08. juni 2007 - 08:34 #1
Den ligger indstalleret på din PC, det er et OnLine kasino. Den ligger sikkert både i den skjulte temp mappe, og i start under msconfig i KØR.
Avatar billede Computer Hjælp (Gratis) Mester
08. juni 2007 - 13:16 #2
... stik mig/os en HiJackThis Log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm
Avatar billede JohnVamos Praktikant
08. juni 2007 - 19:02 #3
Logfile of HijackThis v1.99.1
Scan saved at 18:52:45, on 08-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MMDiag.exe
C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\MUSICMATCH Jukebox\mim.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Programmer\Softwin\BitDefender10\bdagent.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\Veoh Networks\Veoh\VeohClient.exe
C:\Garmin\gStart.exe
C:\Programmer\win commander\TOTALCMD.EXE
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office 2003\OFFICE11\WINWORD.EXE
I:\Backup drive on G\Pakket Filer\System Programmer\Sikkerheds Programmer\Hi jack this\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno4ever.dk/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmer\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programmer\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmer\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Programmer\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175881416687
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer = 199.239.134.83,193.162.153.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programmer\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede Computer Hjælp (Gratis) Mester
09. juni 2007 - 12:07 #4
1) Omgang ->


Smitfraudfix

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Til roden af C:drevet

Genstart i fejlsikret tilstand, hvis du ikke ved hvordan så kig her:
http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Dobbeltklik på C:\Smitfraud exe. Vælg punkt [2]. Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

Genstart og læg en frisk Hijackthislog herind, loggen fra SmitfraudFix (C:\rapport.txt) og fortæl hvordan computeren kører.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!


PS: Elsker du denne [Yahoo! Toolbar] ?
Avatar billede JohnVamos Praktikant
09. juni 2007 - 16:29 #5
Dette er så den nye log,  men siden popper stadig op !!!  :-(


Logfile of HijackThis v1.99.1
Scan saved at 16:28:20, on 09-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Programmer\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
C:\PROGRA~1\MUSICM~1\MMDiag.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Softwin\BitDefender10\bdmcon.exe
C:\Programmer\Softwin\BitDefender10\bdagent.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MUSICMATCH Jukebox\mim.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\Veoh Networks\Veoh\VeohClient.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\win commander\TOTALCMD.EXE
I:\Backup drive on G\Pakket Filer\System Programmer\Sikkerheds Programmer\Hi jack this\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmer\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programmer\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmer\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Programmer\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175881416687
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer = 199.239.134.83,193.162.153.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programmer\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede Computer Hjælp (Gratis) Mester
10. juni 2007 - 14:13 #6
...loggen fra SmitfraudFix (C:\rapport.txt) ???
Avatar billede Computer Hjælp (Gratis) Mester
10. juni 2007 - 14:18 #7
Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten
* VNC Server Version 4
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmer\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Programmer\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

------------------------------------------------------------------------
Avatar billede JohnVamos Praktikant
11. juni 2007 - 08:26 #8
Done og her er de nye logs så..

SmitFraudFix v2.194

Scan done at 16:21:06,25, 09-06-2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer=199.239.134.83,193.162.153.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer=199.239.134.83,193.162.153.164
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer=199.239.134.83,193.162.153.164


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 08:09:43, on 11-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
C:\Programmer\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\Veoh Networks\Veoh\VeohClient.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
I:\Backup drive on G\Pakket Filer\System Programmer\Sikkerheds Programmer\Hi jack this\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno4ever.dk/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmer\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Programmer\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175881416687
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer = 199.239.134.83,193.162.153.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programmer\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Ps jeg har kørt Ccleaner og gør det næsten hver dag !!
Men problemet er der stadig !!  hulk..  :(
Avatar billede Computer Hjælp (Gratis) Mester
11. juni 2007 - 21:25 #9
Kør en tur mere med HiJackThis MEN inden næste kørsel skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

samt

Hent dette værktøj, og gem det på dit skrivebord: http://www.uploads.ejvindh.net/rootchk.exe

Kør programmet rootchk.exe som du gemte på skrivebordet. Efter kort tid vil der dukke en logfil op, som kan findes her C:\rootlog txt. Kopier indholdet af denne log ind i tråden.
NB: Filen "rootchk.exe" bliver af visse antivirus-programmer identificeret som "Trojan". Det har dog ikke noget på sig!
Avatar billede JohnVamos Praktikant
12. juni 2007 - 07:47 #10
Hmm den pop up side begynder at gå mig på !!  lol

Her er så de nye rapporter så !! 

********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
12-06-2007  7:42:03,29

Driver Core (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.
Driver nm (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 07:42:04
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

Logfile of HijackThis v1.99.1
Scan saved at 07:40:59, on 12-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
C:\Programmer\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\Veoh Networks\Veoh\VeohClient.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\win commander\TOTALCMD.EXE
I:\Backup drive on G\Pakket Filer\System Programmer\Sikkerheds Programmer\Hi jack this\ALTERNATIV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techno4ever.dk/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmer\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Programmer\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175881416687
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40147E0-3F00-48E3-AE3C-F486A6BAEC7D}: NameServer = 199.239.134.83,193.162.153.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programmer\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede Computer Hjælp (Gratis) Mester
12. juni 2007 - 22:55 #11
-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.
Avatar billede JohnVamos Praktikant
13. juni 2007 - 08:41 #12
Så prøver vi denne her !!....

ComboFix 07-06-13.3 - C:\Documents and Settings\John Vamos\Skrivebord\ComboFix.exe
"John Vamos" - 2007-06-13  8:22:14 - Service Pack 2  NTFS 


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core
-------\nm


(((((((((((((((((((((((((  Files Created from 2007-05-13 to 2007-06-13  )))))))))))))))))))))))))))))))


2007-06-13 08:21    49,152    --a------    C:\WINDOWS\nircmd.exe
2007-06-09 16:16    2,485,766    --a------    C:\SmitfraudFix.exe
2007-06-09 16:16    <DIR>    d--------    C:\SmitfraudFix
2007-06-09 16:12    3,778    --a------    C:\WINDOWS\system32\tmp.reg
2007-06-09 16:10    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-06-09 16:10    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-06-09 16:10    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-06-09 13:57    <DIR>    d--------    C:\Programmer\Windows Live
2007-06-08 12:19    <DIR>    d--------    C:\WINDOWS\pss
2007-06-08 07:55    34,576    --a------    C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-06-08 07:55    33,296    --a------    C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-06-08 07:55    1,419,024    --a------    C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-06-08 07:55    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-07 08:00    81,984    --a------    C:\WINDOWS\system32\bdod.bin
2007-06-07 07:58    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Bitdefender
2007-06-07 07:55    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-06-06 17:28    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2007-06-06 16:58    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\PhraseExpress
2007-06-06 16:58    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PhraseExpress
2007-06-06 05:26    <DIR>    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-05 07:19    233,472    --a------    C:\WINDOWS\system32\REX Shared Library.dll
2007-06-05 07:19    225,280    --a------    C:\WINDOWS\system32\ReWire.dll
2007-06-05 07:19    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Propellerhead Software
2007-06-05 07:19    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
2007-06-05 07:11    <DIR>    d--------    C:\Programmer\Propellerhead
2007-06-05 06:18    <DIR>    d--------    C:\Programmer\MagicISO
2007-06-05 06:09    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\WinRAR
2007-06-05 05:55    86,056    --a------    C:\WINDOWS\system32\build_dol.exe
2007-06-05 03:55    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\uTorrent
2007-06-03 19:26    <DIR>    d--------    C:\Program Files
2007-06-02 19:57    <DIR>    d--------    C:\Garmin
2007-06-02 19:00    <DIR>    d--------    C:\Programmer\DVD Shrink
2007-06-02 19:00    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-06-01 09:45    <DIR>    d--------    C:\Programmer\LimeWire
2007-06-01 09:45    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\Incomplete
2007-06-01 09:35    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\.limewire
2007-05-27 09:37    <DIR>    d--------    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Elaborate Bytes
2007-05-27 09:33    <DIR>    d--------    C:\Programmer\Elaborate Bytes
2007-05-24 15:19    59,264    --a------    C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-24 15:19    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
2007-05-18 03:54    <DIR>    d--------    C:\Programmer\VirtualDJ


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 06:26:48    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\nView_Wallpaper
2007-06-10 06:41:06    --------    d-----w    C:\Programmer\MUSICMATCH Jukebox
2007-06-09 14:26:54    48,284    ----a-w    C:\WINDOWS\system32\perfc006.dat
2007-06-09 14:26:54    327,994    ----a-w    C:\WINDOWS\system32\perfh006.dat
2007-06-09 11:57:21    --------    d-----w    C:\Programmer\MSN Messenger
2007-06-09 11:57:21    --------    d-----w    C:\Programmer\Messenger Plus! Live
2007-06-08 05:57:24    --------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2007-06-08 05:55:44    --------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-06-08 05:55:20    --------    d-----w    C:\Programmer\Logitech
2007-06-07 05:55:06    --------    d-----w    C:\Programmer\Fælles filer\Softwin
2007-06-07 05:54:04    --------    d-----w    C:\Programmer\Fælles filer
2007-06-06 10:07:57    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\SolSuite
2007-06-06 03:47:37    --------    d-----w    C:\Programmer\Ad-Aware SE Personal
2007-06-04 10:22:55    --------    d-----w    C:\Programmer\DivX
2007-05-19 03:59:51    --------    d-----w    C:\Programmer\Winamp
2007-05-18 06:55:50    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Roxio
2007-05-10 10:47:05    --------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-05-10 10:46:11    --------    d-----w    C:\Programmer\Veoh Networks
2007-05-06 22:42:47    --------    d-----w    C:\Programmer\Fælles filer\NSV
2007-04-26 06:27:57    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\CyberLink
2007-04-23 00:15:18    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:05:20    4,212    ---h--w    C:\WINDOWS\system32\zllictbl.dat
2007-04-22 09:16:53    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Help
2007-04-22 07:15:34    --------    d-----w    C:\Programmer\Diskeeper
2007-04-20 19:16:08    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Creative
2007-04-17 07:03:42    --------    d-----w    C:\Programmer\win commander
2007-04-15 22:38:48    --------    d-----w    C:\DOCUME~1\JOHNVA~1\APPLIC~1\Ventrilo
2007-04-15 22:34:36    --------    d-----w    C:\Programmer\Ventrilo
2007-04-15 22:34:15    --------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-04-11 18:21:20    60,416    ----a-w    C:\WINDOWS\ALCFDRTM.EXE
2007-04-07 03:11:37    737,280    ----a-w    C:\WINDOWS\iun6002.exe
2007-04-06 13:51:11    0    --sha-r    C:\MSDOS.SYS
2007-04-06 13:51:11    0    --sha-r    C:\IO.SYS
2007-04-06 13:51:11    0    ----a-w    C:\CONFIG.SYS
2007-04-06 13:51:11    0    ----a-w    C:\AUTOEXEC.BAT
2007-04-06 13:48:02    21,644    ----a-w    C:\WINDOWS\system32\emptyregdb.dat


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 07:48 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-06-15 17:20 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 11:33]
"DiskeeperSystray"="C:\Programmer\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"RemoteControl"="C:\Programmer\Power DVD\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"RoxWatchTray"="C:\Programmer\Fælles filer\Roxio Shared\SharedCOM8\RoxWatchTray.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"zBrowser Launcher"="C:\Programmer\Logitech\Keyboard\iTouch\iTouch.exe" [2004-03-18 09:33]
"ISUSPM Startup"="C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 07:50]
"BDMCon"="C:\Programmer\Softwin\BitDefender10\bdmcon.exe" [2006-08-04 16:22]
"BDAgent"="C:\Programmer\Softwin\BitDefender10\bdagent.exe" [2006-06-20 14:35]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32]
"Veoh"="C:\Programmer\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc    usnsvc


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 08:25:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-13  8:28:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-13 08:27

    --- E O F ---
Avatar billede Computer Hjælp (Gratis) Mester
13. juni 2007 - 10:19 #13
... når du har/har haft [Messenger Plus! Live] + [LIMEWIRE] + [uTorrent] så invitere du jo til 'snavs'/virus !!!
UD MED DET ...

------------

Hvordan kører putter så nu ?
Avatar billede JohnVamos Praktikant
14. juni 2007 - 17:32 #14
Hejsa du !! Lige pt.. se det ud til at være løst nu,  har ikke fået nogen popup siden !!  Så det må det være...


Hilsen John
Avatar billede Computer Hjælp (Gratis) Mester
15. juni 2007 - 07:39 #15
BINGO...

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede JohnVamos Praktikant
15. juni 2007 - 14:04 #16
Jeg takker mange. og har sikkert lært noget nyt her!!  Enud en gag tak for hjælpen
Hilsen john..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andre onlineløsninger kategorien

Titel Indlæg Oprettet Seneste aktivitet
Google maps - afstanden altid i km - pc Af 1Dorte i Andre onlineløsninger 5 11/11/202409:41 11/11/202419:36
Problem med WordPress-installation via One.com's 1-klik installation 🚨 Af tobiasandersen i Andre onlineløsninger 7 09/09/202408:56 18/09/202415:18
Kunstig Enteligents For Synshandicappede Af tobberjas i Andre onlineløsninger 4 25/05/202411:37 26/05/202423:04
Hvor gemmer e-conomic momspercentage? Af Computernørderne i Andre onlineløsninger 2 20/04/202419:04 22/04/202411:06
Mailchimp: placere Image block i midten af teksten Af visto i Andre onlineløsninger 4 10/04/202421:45 14/04/202419:04
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
1 min siden Zyxel Multy U netværk Af jcr18 i Wifi
I dag 08:52 DOWNLOAD TIL SAMME MAPPE Af snestrup2000 i Browsere
I dag 00:54 Windows 11 Pro - IIS Af bsn i Windows
I går 18:46 Omdanne stik på router til USB Af valby i Routere & Switches
I går 10:49 Ændring finansår C5 Af Lene i Økonomiprogrammer
White papers
Flere white papers »


Premium
Teaser billede
Kunderne raser, og priserne er eksploderet: Alligevel er salget af VMware en kæmpe-succes
Læs mere »
Boghandler er blevet en af Danmarks førende eksperter i Microsoft Teams: "Til at begynde med virkede det fuldstændig uopnåeligt"
Bryder ind i alle typer smartphones: Politiet bruger israelsk hackervåben mod bander
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Se alle »
Computerworld
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Se alle »
CIO
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Microsoft et døgn efter nedbrud: Stadig problemer med Outlook
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
Derfor kræver AI, cloud og sikkerhed et stærkere netværk
Læs mere »
SMB og cybertrusler: Brug sikkerhedsressourcerne optimalt
Er din cybersikkerhed klar til AI-revolutionen?
Governance, Risk & Compliance: Knyt stærke bånd mellem forretning og sikkerhed
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »