Avatar billede superbongo Nybegynder
23. september 2007 - 19:13 Der er 12 kommentarer og
1 løsning

Tjek af Hi.-jack this fil -anyone ?

Hejsa,

Har nogen forstand på at tjekke min log ?:

Her er den:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:29, on 23-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\Video ActiveX Access\imsmain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Video ActiveX Access\imsmn.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?sourceid=navclient&hl=da&ie=UTF-8&rlz=1T4GGLJ_daDK228DK228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Programmer\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmer\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Programmer\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ResumeGrabber - {33406B8B-6A77-49F0-9A76-5395E5122E16} - C:\Programmer\eGrabber\ResumeGrabber Standard 4.2\InternetAddress.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe

--
End of file - 9810 bytes
Avatar billede arlet Juniormester
23. september 2007 - 19:34 #1
Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Kør så combofix.exe, og følg vejledningen i vinduet.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt som kan findes her-C:\combofix.txt

Kopier loggen her ind.
Avatar billede superbongo Nybegynder
23. september 2007 - 22:02 #2
hej..og tak for hurtig hjælp..

Har nu gjort som nævnt - og her er loggen:

ComboFix 07-09-21.2 - "bongobrown" 2007-09-23 21:50:52.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1252 [GMT 2:00]
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\video activex access
C:\Programmer\video activex access\iesbpl.dll
C:\Programmer\video activex access\iesbunst.exe
C:\Programmer\video activex access\iesmn.exe
C:\Programmer\video activex access\iesunst.exe
C:\Programmer\video activex access\imsmain.exe
C:\Programmer\video activex access\imsmn.exe
C:\Programmer\video activex access\imsunst.exe
C:\Programmer\video activex access\ot.ico
C:\Programmer\video activex access\ts.ico
C:\Programmer\video activex access\uninst.exe

.
(((((((((((((((((((((((((  Files Created from 2007-08-23 to 2007-09-23  )))))))))))))))))))))))))))))))
.

2007-09-23 21:50    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-23 19:13    <DIR>    d--------    C:\Programmer\Trend Micro
2007-09-23 15:20    12,160    --a------    C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-23 15:19    9,600    --a------    C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-06 21:57    <DIR>    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\Ahead
2007-08-25 10:05    <DIR>    d--------    C:\Programmer\Microsoft Silverlight
2007-08-23 21:41    <DIR>    d--------    C:\Programmer\iPod

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 21:56    10450976    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-23 21:56    ---------    d--------    C:\Programmer\Kaspersky Lab
2007-09-23 21:35    54944    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-23 21:35    542496    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-23 21:35    144104    --ahs----    C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 18:11    ---------    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\Azureus
2007-09-23 15:37    ---------    d--------    C:\Programmer\Azureus
2007-08-23 21:40    ---------    d--------    C:\Programmer\Apple Software Update
2007-08-22 12:04    ---------    d--------    C:\Programmer\Whisper
2007-08-22 11:32    ---------    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-21 22:02    ---------    d--------    C:\Programmer\Google
2007-08-20 08:07    ---------    d--------    C:\Programmer\MSXML 6.0
2007-08-10 12:36    ---------    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\Help
2007-08-04 00:10    ---------    d--------    C:\Programmer\hio-soft
2007-08-04 00:10    ---------    d--------    C:\Programmer\Common Files
2007-08-02 21:49    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-02 21:49    ---------    d--------    C:\Programmer\Microprose
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-29 21:28    ---------    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\BSplayer
2007-07-29 14:35    ---------    d--------    C:\Programmer\QuickTime
2007-07-28 22:25    ---------    d--------    C:\Programmer\Webteh
2007-07-28 22:25    ---------    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\BSplayer Pro
2007-07-27 22:56    ---------    d--------    C:\DOCUME~1\BONGOB~1\APPLIC~1\Microgaming
2007-07-21 19:27    45056    --a------    C:\WINDOWS\ssunstl.exe
2007-07-07 14:47    82944    --a------    C:\WINDOWS\system32\usbmn1x1.dll
2007-07-07 14:47    724992    --a------    C:\WINDOWS\iun6002.exe
2007-06-30 16:52    233472    --a------    C:\WINDOWS\system32\REX Shared Library.dll
2007-06-30 16:52    225280    --a------    C:\WINDOWS\system32\ReWire.dll
2007-06-26 08:06    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2006-11-16 21:30    24391    --a------    C:\WINDOWS\Media\vistasounds.reg
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= C:\Programmer\Video ActiveX Access\iesbpl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\SOUNDMAN.EXE]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"kav"="C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-24 23:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 08:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 08:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 08:40]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-24 02:06 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programmer\ltmoh\Ltmoh.exe" [2003-09-06 02:16]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 03:49]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 03:49]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 10:17]

C:\DOCUME~1\BONGOB~1\MENUEN~1\PROGRA~1\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"=1 (0x1)
"Start_NotifyNewApps"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\QTTask.exe" -atboottime

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Programmer\Everest Ultimate Engineer Edition v.4.00.1021 beta\kerneld.wnt
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys
S3 USBMN1X1;USB Midi 1x1;C:\WINDOWS\system32\drivers\usbmn1x1.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-23 19:40:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-23 13:36:29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4142D66C-5BC6-4390-9E50-0604E523C633}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 21:55:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 21:57:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 21:57
.
    --- E O F ---
Avatar billede superbongo Nybegynder
24. september 2007 - 18:40 #3
anyone ?
Avatar billede ejvindh Ekspert
24. september 2007 - 23:44 #4
Loggen er egentlig så godt som ren; men hvis jeg var dig, ville jeg som oprydning også lige køre dette fix:

-- Hent S!Ri's SmitfraudFix.zip og gem det på dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternativt herfra:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Kør SmitfraudFix. Tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra SmitfraudFix (C:\rapport.txt).
Avatar billede superbongo Nybegynder
29. september 2007 - 18:39 #5
Hej igen.. så fik jeg kørt fix´et og her er "SmitfraudFix" reporten:

SmitFraudFix v2.233

Scan done at 18:31:36.14, 2007-09-29
Run from C:\Documents and Settings\bongobrown\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport til Packet Scheduler
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BFCC20E8-A926-4B02-B757-7F22078342B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BFCC20E8-A926-4B02-B757-7F22078342B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BFCC20E8-A926-4B02-B757-7F22078342B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Avatar billede superbongo Nybegynder
29. september 2007 - 18:40 #6
...og her er Hijackthis.loggen efter en genstart:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36, on 2007-09-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\ltmoh\Ltmoh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmer\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe

--
End of file - 7641 bytes
Avatar billede ejvindh Ekspert
30. september 2007 - 19:40 #7
Ren log. Kører computeren også tilfredsstillende? For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
Avatar billede superbongo Nybegynder
16. oktober 2007 - 13:13 #8
Tak for hjælpen...det var rart :)
Avatar billede superbongo Nybegynder
16. oktober 2007 - 13:13 #9
Lukker
Avatar billede superbongo Nybegynder
16. oktober 2007 - 13:13 #10
hov..husk lige at sende et svar så du kan få point...
Avatar billede ejvindh Ekspert
16. oktober 2007 - 15:25 #11
Svar kommer her. Arlet kan gøre det samme, så deler vi i porten ;-)
Avatar billede arlet Juniormester
16. oktober 2007 - 16:53 #12
Jeg skylder vist rigeligt til dig Eivindh, så du nupper dem bare..
Avatar billede superbongo Nybegynder
22. oktober 2007 - 17:19 #13
Takker - og lukker
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester