CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede jomcdk Nybegynder
03. juli 2007 - 16:53 Der er 6 kommentarer og
1 løsning

MSN "myalbum" virus + hijackthis, SAS og drweb logs

Kære Eksperter!

Jeg modtog her den anden dag en "myalbum2007" .zip -fil som "sjovt" nok viste sig at være en msn virus.

Efter to minutters panik har jeg fulgt guiden om msn virus, og er nu nået til indsending af logs...
Kan i finde noget smuds? Er ikke hård til dette virus halløj...

--------------------------------------------------------------
DRWEB log:

WinBejSetup-dm.exe;C:\Documents and Settings\Johnny\Dokumenter\Downloads unpacks;Adware.TryMedia;Renamed.;

------------------------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 07/03/2007 at 01:44 PM

Application Version : 3.5.1016

Core Rules Database Version : 3263
Trace Rules Database Version: 1274

Scan type      : Complete Scan
Total Scan Time : 00:50:59

Memory items scanned      : 191
Memory threats detected  : 0
Registry items scanned    : 5796
Registry threats detected : 0
File items scanned        : 31470
File threats detected    : 30

Adware.Tracking Cookie
    C:\Documents and Settings\Johnny\Cookies\johnny@adultadworld[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@counter10.sextracker[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@atdmt[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@advertising[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@fastclick[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@imrworldwide[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adbrite[3].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@mediaplex[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@c5.zedo[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adfarm1.adition[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adtech[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.burstnet[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@4.adbrite[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adbrite[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@1070899926[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.sexlinien[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ads.adbrite[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@casalemedia[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@zedo[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adfair[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@doubleclick[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@track.adform[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@2o7[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@analsexpiger[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@tradedoubler[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@sextracker[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ad.iconadserver[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@burstnet[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.sexaben[1].txt




-------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:26:44, on 03-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Johnny\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.ah.dk/MySite/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af DLG Tele
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: Norton-værktøjslinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programmer\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TPKMAPMN] C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmer\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.dlg.dk
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C066D2D2-8E24-4581-9B80-F592D7535F18}: NameServer = 212.242.40.3 212.242.40.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: psfus - C:\Programmer\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {F6B4C8A8-FF66-47CC-AF51-4ED65AB6FECE} - sysprinters.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                    - C:\Programmer\Fælles filer\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programmer\Fælles filer\Virtual Token\vtserver.exe

------------------------------------------------------------------

Håber i vil give mig en hjælpende hånd :D
Ser ud til at jeg er blevet afsløret i nogle "voksen sider". ups.

Mvh
Johnny
Avatar billede Computer Hjælp (Gratis) Mester
03. juli 2007 - 17:36 #1
(Jeg ser på den...)
Avatar billede Computer Hjælp (Gratis) Mester
03. juli 2007 - 17:37 #2
-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind, sammen med en ny log fra Hijackthis
Avatar billede jomcdk Nybegynder
03. juli 2007 - 21:39 #3
Halløj!

Nu gjorde jeg som anvist. :)

---------------------------SDFix log---------------------------------------------
SDFix: Version 1.89

Run by Johnny on 03-07-2007 at 21:21

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\IBM\\Updater\\ucsmb.exe"="C:\\Programmer\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\Messenger\\MSMSGS.EXE"="C:\\Programmer\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\iTunes\\iTunes.exe"="C:\\Programmer\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\Skype\\Phone\\Skype.exe"="C:\\Programmer\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\IBM\\Updater\\ucsmb.exe"="C:\\Programmer\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\Johnny\Dokumenter\Musik\R. Kelly\TP-2.Com\desktop.ini
C:\Documents and Settings\Johnny\Dokumenter\Musik\R. Kelly\TP-2.Com\AlbumArtSmall.jpg
C:\Documents and Settings\Johnny\Dokumenter\Musik\R. Kelly\TP-2.Com\AlbumArt_{F62EF243-F051-43D7-BC4B-22C89A586C8E}_Small.jpg
C:\Documents and Settings\Johnny\Dokumenter\Musik\R. Kelly\TP-2.Com\Folder.jpg
C:\Documents and Settings\Johnny\Dokumenter\Musik\R. Kelly\TP-2.Com\AlbumArt_{F62EF243-F051-43D7-BC4B-22C89A586C8E}_Large.jpg
C:\Program Files\Replay Converter\cygwin1.dll
C:\Program Files\Replay Converter\cygz.dll
C:\Program Files\Replay Converter\App\cygz.dll
C:\Documents and Settings\Johnny\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Historie\~WRL0003.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Samfundsfag\~WRL0060.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL0103.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL1837.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL2320.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL2683.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL2722.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL2735.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Tv‘rfagligeforl›b\INDIVIDUEL EKSAMENS RAPPORT\~WRL3942.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Virksomhedskonomi\~WRL1379.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\1. HHX\Virksomhedskonomi\~WRL4031.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\HHx 2\Afs‘tning 2\opgaver bind 2\~WRL2073.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\HHx 2\Kulturforst†else\k›nsroller\~WRL2647.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\HHx 2\Kulturforst†else\k›nsroller\~WRL3105.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\HHx 2\Tysk\~WRL2783.tmp
C:\Documents and Settings\Johnny\Dokumenter\HHX\HHx 2\Erhvervscase\Erhvervscase milj›teknologi\~WRL0835.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL1496.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL1626.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2853.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2591.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL3764.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL1638.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL0682.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2773.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2836.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL1075.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL0896.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL1552.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2217.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2329.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL3087.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL3987.tmp
C:\Documents and Settings\Johnny\Skrivebord\~WRL2683.tmp

                                Finished
-------------------------------------------------------------------------------------


LOGFIL FOR HIJACKTHIS:
-------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:37:00, on 03-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Johnny\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.ah.dk/MySite/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af DLG Tele
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: Norton-værktøjslinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programmer\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TPKMAPMN] C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmer\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.dlg.dk
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C066D2D2-8E24-4581-9B80-F592D7535F18}: NameServer = 212.242.40.3 212.242.40.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: psfus - C:\Programmer\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                    - C:\Programmer\Fælles filer\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
----------------------------------------------------------------------------------

mvh
Johnny
Avatar billede jomcdk Nybegynder
03. juli 2007 - 21:45 #4
Jeg tør ikke rigtig benytte (installere igen) MSN før jeg ved "virussen" er væk. Ønsker ikke at belemre mine stakkels kontakter med det. (og heller ej blive til grin endnu engang)

Håber du (eller nogle andre) er søde at hjælpe mig ud af kniben.
Avatar billede Computer Hjælp (Gratis) Mester
03. juli 2007 - 22:03 #5
Din log er 'ren' - efterfølgende oprydning generelt ->


Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Genstart normalt - behøver ikke at se mere log...

------------------------------------------------------------------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.
Avatar billede Computer Hjælp (Gratis) Mester
03. juli 2007 - 22:04 #6
Du er velkommen en anden gang...

Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt prik i "Vis ikke skjulte filer og mapper".

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede jomcdk Nybegynder
04. juli 2007 - 00:20 #7
Så nu har jeg gjort det hele med crap cleaner etc..
Så nu afventer jeg lige et par dage, og ser om virussen vækkes til live.

So far siger jeg mange tak for hjælpen. Jeg er gavmild og smider samtlgie points i
nakken af dig ASAP.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 8 I går 20:49 I dag 08:19
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:49 pop up black friday Af Malm i Virus
I går 18:31 Hvor finder jeg en netværksdriver? Af jcr18 i Wifi
I går 16:49 Identificér og hent del af tekststreng Af TheLibrarian i Excel
I går 16:30 Smart vægt til fitness tracking Af Henrik i Fitness & Smartwatches
I går 08:08 touchpad virker ikke Af Malm i PC
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Test: Audi Q6 er en super fed SUV - men gør dig selv en tjeneste og kast flere penge efter den
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Stor sag mod Microsoft kan være på vej: Beskyldes for at låse Azure-kunder fast med ulovlige metoder
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Tre Norlys-topchefer fratræder med omgående virkning: Internet-forretningen er udfordret - vil have mere fart i integrationen af Telia Danmark
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Se alle »
White paper
Teaser billede
MDR: Transparent sikkerhed og overvågning i realtid
Læs mere »
Managed Detection & Response: Forsvar din virksomhed mod cybertrusler døgnet rundt
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Sæt turbo på din cloudperformance og minimér risikoen for DDoS-angreb
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »