struve_aalborg (Beginner)
25 February 2008 - 21:28 There are 17 comments

Trojan-gen (other) and SdBot-4145 [Trj]

My antivirus program Avast has caught the following viruses, Win32:SdBot-4145 [Trj] and Win32:Trojan-gen (other) - but how do you get rid of them again?

Log file from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:01, on 25-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashSimpl.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Else & Morten\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.stofa.dk/listmessages.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BAD792A4-EE5B-43E8-8F14-9D7487D03C4B} - C:\WINDOWS\System32\atrac.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.himmerland.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O15 - Trusted Zone: www.testby.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - C:\WINDOWS\System32\epgziy.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8087 bytes
25 February 2008 - 21:34 #1
Yeees ... there are also a couple of (preliminary) visible unwanted elements ...

... Now, not all (un)wanted elements show up in a HijackThis log, so go through the procedure from here -> http://www.eksperten.dk/artikler/1123
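As an added illustration (not part of the original thread, and not the procedure in the linked eksperten.dk article): the kind of first-pass triage a helper does when reading a posted HijackThis log can be written down as a small Python script. The sample lines below are copied from the logs posted in this thread; the section names (O2, O3, O4, O21) and the "(no file)" / "(file missing)" markers are HijackThis' own, while the rules, the list of transient directories and the reason strings are assumptions of this example. The script only marks entries for a second look; it does not decide that anything is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BAD792A4-EE5B-43E8-8F14-9D7487D03C4B} - C:\WINDOWS\System32\atrac.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Else & Morten\Lokale indstillinger\Temporary Internet Files\Content.IE5\TFV8UWP7\installer_sbd_en[1].exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - C:\WINDOWS\System32\epgziy.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section tag such as "R0", "O4" or "O21".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Assumption of this example: a persistent autorun should not normally be
# launched from the browser cache or a temp folder.
TRANSIENT_DIRS = ("temporary internet files", "content.ie5", "\\temp\\")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str]


def run_target(body: str) -> str:
    """For O4 lines ("HKLM\\..\\Run: [name] command"), return the command part."""
    _, sep, target = body.partition("] ")
    return target.strip() if sep else ""


def triage_line(line: str) -> list[str]:
    """Return the review reasons for one log line (empty list = nothing to note)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    lower = body.lower()
    orphaned = "(file missing)" in lower or "(no file)" in lower
    reasons = []
    if orphaned:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if section in ("O2", "O3") and "(no name)" in lower and not orphaned:
        reasons.append("unnamed browser add-on backed by a real file: identify the DLL before trusting it")
    if section == "O21":
        reasons.append("SSODL shell hook: rarely used by legitimate software, verify the DLL and its vendor")
    if section == "O4":
        target = run_target(body)
        if any(d in target.lower() for d in TRANSIENT_DIRS):
            reasons.append("autorun launched from a browser cache or temp directory")
        elif target and "\\" not in target:
            reasons.append("autorun given as a bare file name: resolved via the search path, locate the real binary")
    return reasons


def triage_log(text: str) -> list[Finding]:
    """Return only the entries that deserve a second look, in log order."""
    findings = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            section = LINE_RE.match(raw.strip()).group("section")
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.section, f.line[:72])
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample, five of the eight lines are reported (the unnamed BHO, the orphaned toolbar, the two unusual O4 entries and the SSODL hook) while the Avast, Adobe and service lines pass untouched; each reported line carries the reason, so the reader learns what in the log caught the helper's eye rather than just a list of lines.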
fromsej (Trainee)
08 March 2008 - 18:55 #2
Would you please remove the log file from the comments on my article and paste it in here instead?
http://www.eksperten.dk/artikler/1123
It is impossible to check them from the comment, since the log files are broken up in strange ways.
08 March 2008 - 23:52 #3
(So what did THIS thread end up with, too?)
struve_aalborg (Beginner)
11 March 2008 - 18:13 #4
Fromsej - do you have any idea how I remove the log file from your article?
fromsej (Trainee)
11 March 2008 - 18:30 #5
I just looked at one of my own comments on an article; I can't see an option to delete it, but you can remove the content and leave the comment blank.
I'll just ask the "higher" powers. (Snowball)
snowball (Novice)
11 March 2008 - 19:00 #6
Unfortunately you can't completely remove your comment once you've written it (don't ask me why ;)), but as fromsej writes, you can simply delete the content of the comment and possibly write something else.

Snowball / Admin
struve_aalborg (Beginner)
12 March 2008 - 08:28 #7
I have deleted my comment in the article!

I just ran a virus scan, and it shows that there are still trojans on the computer. The good news is that one of the ones I started with is gone, but the bad news is that the other one is still there, and a new one has appeared!
Win32:Adware-gen [Adw]
Win32:Trojan-gen [Other]
How do I get rid of them?

Log file from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 18:33:21, on 11-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Else & Morten\Skrivebord\Virus\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.stofa.dk/listmessages.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BAD792A4-EE5B-43E8-8F14-9D7487D03C4B} - C:\WINDOWS\System32\atrac.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [bm] "C:\Programmer\Fælles filer\VirusForsvar\bm.exe" dm=http://virusforsvar.com ad=http://virusforsvar.com sd=http://itemoin.virusforsvar.com
O4 - HKLM\..\Run: [ptask] C:\Programmer\VirusForsvar\ptask.exe
O4 - HKLM\..\Run: [UADCDK_4125075708] "C:\Programmer\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Else & Morten\Lokale indstillinger\Temporary Internet Files\Content.IE5\TFV8UWP7\installer_sbd_en[1].exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Programmer\SpyShredder\SpyShredder.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.himmerland.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O15 - Trusted Zone: www.testby.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
12 March 2008 - 17:44 #8
fromsej (Trainee)
12 March 2008 - 18:19 #9
If you run the last two scanners from the article, it will be much easier for us to help you.
Thanks for correcting your comment. *S*
struve_aalborg (Beginner)
12 March 2008 - 20:03 #10
So HijackThis and ComboFix?
12 March 2008 - 20:22 #11
* SuperAntiSpyware
* ComboFix
As described...

+ a fresh HijackThis log afterwards ...
struve_aalborg (Beginner)
15 March 2008 - 12:53 #12
Here are the log files

SUPERANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/15/2008 at 12:25 PM

Application Version : 4.0.1154

Core Rules Database Version : 3420
Trace Rules Database Version: 1412

Scan type      : Complete Scan
Total Scan Time : 00:43:35

Memory items scanned      : 167
Memory threats detected  : 0
Registry items scanned    : 4828
Registry threats detected : 20
File items scanned        : 14177
File threats detected    : 9

Trojan.Unclassified-Packed/Suspicious
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}
    HKCR\CLSID\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}
    HKCR\CLSID\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}\InprocServer32
    HKCR\CLSID\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\ATRAC.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C81D6B0-4564-48F6-B7DA-4FEF1016036C}\RP17\A0001504.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\Else & Morten\Cookies\else & morten@track.adform[1].txt
    C:\Documents and Settings\Else & Morten\Cookies\else & morten@adtech[1].txt

Malware.SpyShredder
    HKU\S-1-5-21-73586283-1078145449-1708537768-1006\Software\SpyShredder
    HKU\S-1-5-21-73586283-1078145449-1708537768-1006\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Programmer\SpyShredder\SpyShredder.exe ]

Rogue.ErrorFighter
    HKLM\Software\ugac
    HKLM\Software\ugac#DomainName
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#ptask [ C:\Programmer\VirusForsvar\ptask.exe ]

Rogue.TrustedAntiVirus
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHLP\0000#DeviceDesc
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#SBI [ C:\Documents and Settings\Else & Morten\Lokale indstillinger\Temporary Internet Files\Content.IE5\TFV8UWP7\installer_sbd_en[1].exe ]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#bm [ "C:\Programmer\Fælles filer\VirusForsvar\bm.exe" dm=http://virusforsvar.com ad=http://virusforsvar.com sd=http://itemoin.virusforsvar.com ]

Rogue.AdvancedCleaner
    C:\DOCUMENTS AND SETTINGS\ELSE & MORTEN\LOKALE INDSTILLINGER\TEMP\UADCDK_0001_D10M2201\INSTALLER.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C81D6B0-4564-48F6-B7DA-4FEF1016036C}\RP31\A0003731.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C81D6B0-4564-48F6-B7DA-4FEF1016036C}\RP31\A0003751.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C81D6B0-4564-48F6-B7DA-4FEF1016036C}\RP31\A0003752.EXE

Rogue.StorageProtector/Trace
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C81D6B0-4564-48F6-B7DA-4FEF1016036C}\RP31\A0003709.EXE

COMBOFIX

ComboFix 08-03-14.4 - Else & Morten 2008-03-15 12:36:06.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.386 [GMT 1:00]
Running from: C:\Documents and Settings\Else & Morten\Skrivebord\Virus 2\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Else & Morten\ResErrors.log

.
(((((((((((((((((((((((((  Files Created from 2008-02-15 to 2008-03-15  )))))))))))))))))))))))))))))))
.

2008-03-15 11:34 . 2008-03-15 12:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-15 11:34 . 2008-03-15 11:34    <DIR>    d--------    C:\Documents and Settings\Else & Morten\Application Data\SUPERAntiSpyware.com
2008-03-04 22:45 . 2008-03-04 23:42    <DIR>    d--------    C:\Documents and Settings\Else & Morten\vesterå
2008-02-29 18:42 . 2008-02-29 18:42    <DIR>    d--hs----    C:\VirusForsvar
2008-02-29 18:41 . 2008-03-11 17:03    <DIR>    d--------    C:\Documents and Settings\Else & Morten\Application Data\VirusForsvar
2008-02-29 18:41 . 2008-02-29 18:41    <DIR>    dr-------    C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-29 18:40 . 2001-03-08 18:30    24,064    --a------    C:\WINDOWS\system32\msxml3a.dll
2008-02-29 18:33 . 2008-02-29 18:47    248,864    --a------    C:\Documents and Settings\Else & Morten\Application Data\install_dk[1].exe
2008-02-26 00:10 . 2008-03-08 14:27    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-02-25 22:03 . 2008-02-25 22:03    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 20:48 . 2008-02-25 20:48    <DIR>    d--------    C:\WINDOWS\Provisioning
2008-02-25 20:48 . 2008-02-25 20:55    <DIR>    d--------    C:\WINDOWS\PeerNet
2008-02-25 20:48 . 2008-02-25 20:55    <DIR>    d--------    C:\WINDOWS\ehome
2008-02-25 20:31 . 2008-03-15 12:31    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-25 20:31 . 2008-02-25 20:31    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-25 20:22 . 2004-08-03 21:32    571,392    --a--c---    C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-25 20:21 . 2001-10-09 13:00    1,875,968    --a--c---    C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-25 20:20 . 2001-10-09 13:00    1,158,818    --a--c---    C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-25 20:19 . 2001-10-09 13:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-25 20:18 . 2001-10-09 13:00    1,677,824    --a--c---    C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-25 20:17 . 2004-08-26 16:53    2,134,528    --a--c---    C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-25 20:15 . 2004-08-26 16:53    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-02-25 20:11 . 2004-08-03 21:21    81,920    --a--c---    C:\WINDOWS\system32\dllcache\msado27.tlb
2008-02-25 20:11 . 2004-08-26 16:53    18,432    --a--c---    C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-25 20:06 . 2004-08-26 17:53    4,274,816    --a------    C:\WINDOWS\system32\nv4_disp.dll
2008-02-25 20:06 . 2004-08-03 22:29    1,897,408    --a------    C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-25 20:05 . 2001-08-17 20:12    19,017    --a------    C:\WINDOWS\system32\drivers\RTL8029.sys
2008-02-25 20:00 . 2004-07-17 10:48    66,082    --a--c---    C:\WINDOWS\system32\dllcache\c_28603.nls
2008-02-25 20:00 . 2004-07-17 10:48    66,082    --a------    C:\WINDOWS\system32\c_28603.nls
2008-02-25 20:00 . 2001-10-09 13:00    24,661    --a------    C:\WINDOWS\system32\spxcoins.dll
2008-02-25 20:00 . 2001-10-09 13:00    24,661    --a--c---    C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-02-25 20:00 . 2001-10-09 13:00    13,312    --a------    C:\WINDOWS\system32\irclass.dll
2008-02-25 20:00 . 2001-10-09 13:00    13,312    --a--c---    C:\WINDOWS\system32\dllcache\irclass.dll
2008-02-20 17:37 .     19,584        C:\WINDOWS\system32\drivers\xcprwwan.dat
2008-02-20 17:34 . 2008-03-04 17:31    99,072    --a------    C:\WINDOWS\system32\atrac.dll
2008-02-18 20:42 . 2008-02-18 20:44    4,663,342    --a------    C:\WINDOWS\REGBK00.ZIP
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2008-02-18 20:26 . 2008-02-18 20:26    50    --a------    C:\WINDOWS\Lic.xxx
2008-02-18 20:25 . 2001-10-09 13:00    138,240    --a------    C:\WINDOWS\R.COM
2008-02-18 20:25 . 2001-10-09 13:00    129,536    --a------    C:\WINDOWS\system32\T.COM
2008-02-17 17:32 . 2008-02-20 20:30    56    --a------    C:\WINDOWS\system32\x
2008-02-17 15:28 . 2008-02-17 15:28    <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-17 15:28 . 2008-02-17 15:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 14:43 . 2008-02-17 14:43    1,909    --a------    C:\clean.reg
2008-02-16 14:16 . 2008-02-16 14:16    <DIR>    d--------    C:\WINDOWS\ERUNT

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 10:34    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-27 16:45    ---------    d-----w    C:\Programmer\Google
2008-01-21 16:38    ---------    d-----w    C:\Documents and Settings\Else & Morten\Application Data\MSN6
2008-01-21 16:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
2003-11-15 13:18    1,702    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}]
2008-03-04 17:31    99072    --a------    C:\WINDOWS\System32\atrac.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [ ]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"MULTIMEDIA KEYBOARD"="C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe" [2000-11-28 10:18 135168]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-27 19:14 271672]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"UADCDK_4125075708"="C:\Programmer\AdvancedCleaner Free\UADCcw.exe" [ ]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-26 16:47 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 idxpqkna;idxpqkna;C:\WINDOWS\system32\drivers\xcprwwan.dat []
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 16:18]
S3 M2400;IEEE 802.11b Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2400.sys [2003-10-28 14:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 17:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 12:39:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idxpqkna]
"ImagePath"="system32\drivers\xcprwwan.dat"
.
Completion time: 2008-03-15 12:41:00
ComboFix-quarantined-files.txt  2008-03-15 11:40:43
ComboFix2.txt  2008-02-25 22:59:44
.
2008-03-14 17:48:24    --- E O F --- 

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 12:47:48, on 15-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Else & Morten\Skrivebord\Virus\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.stofa.dk/listmessages.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BAD792A4-EE5B-43E8-8F14-9D7487D03C4B} - C:\WINDOWS\System32\atrac.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UADCDK_4125075708] "C:\Programmer\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.himmerland.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O15 - Trusted Zone: www.testby.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
fromsej (Trainee)
15 March 2008 - 13:20 #13
Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to untick the box for installing the Yahoo toolbar.
Start the program and untick Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left-hand side (the blue cube), click Scan for Issues; when it is done, click Fix selected issues, optionally make a backup of the registry, then click Fix all selected issues.
Click OK, then click Close when it is finished.
Restart.
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

---------------------------------------
Open a Notepad window, copy the contents between the wavy lines into the document, and save it in the same folder as ComboFix under the name CFScript.txt. When saving, make sure that "File type" is set to "All files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\system32\drivers\xcprwwan.dat
C:\WINDOWS\system32\atrac.dll
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\x
C:\Windows\System32\msiconf.exe
Folder::
C:\VirusForsvar
C:\Programmer\AdvancedCleaner Free

Driver::
idxpqkna

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAD792A4-EE5B-43E8-8F14-9D7487D03C4B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSI Configuration"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UADCDK_4125075708"=-

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the ComboFix file, and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you must allow. Do not click on the window while the tool is running, as that can make your computer freeze.
---------------------------------------
We need to see a fresh HijackThis log, plus the new ComboFix log.
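The HijackThis triage from the post above, as an added example that is not code from the thread or from HijackThis: it separates entries whose file is gone (what "Fix checked" removes, as in the four lines listed) from unnamed entries whose file is still present and Run entries given as a bare file name, which need a closer look rather than an automatic fix. The sample log is constructed from entry types seen in the thread.

```python
"""Sort HijackThis entries into orphans (target file gone) and entries
that deserve a closer look (unnamed but present, or a bare Run target).

Added example, not code from the thread or from HijackThis. The sample
log below is constructed from a few entry types seen in the thread.
"""
import re

# HijackThis appends one of these when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# "<section> - <description> - ..."; sections look like R0..R3, O1..O24.
ITEM_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

# Constructed sample in HijackThis v1.99 format.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BAD792A4-EE5B-43E8-8F14-9D7487D03C4B} - C:\WINDOWS\System32\atrac.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
"""


def parse_item(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    line = line.strip()
    m = ITEM_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0) if clsid else None,
        "unnamed": "(no name)" in rest,
        "orphan": rest.endswith(ORPHAN_MARKERS),
        "line": line,
    }


def parse_log(text):
    return [it for it in (parse_item(l) for l in text.splitlines()) if it]


def find_orphans(text):
    """Entries whose target file is gone: the registry reference is dead weight."""
    return [it["line"] for it in parse_log(text) if it["orphan"]]


def find_unnamed_present(text):
    """Unnamed BHO/toolbar/SSODL entries whose file still exists: review these."""
    return [it for it in parse_log(text) if it["unnamed"] and not it["orphan"]]


def find_bare_run_targets(text):
    """O4 Run entries whose command has no directory part.

    Such a name is resolved through the search path at logon, so the
    log alone does not tell you which file actually runs.
    """
    out = []
    for it in parse_log(text):
        if it["section"] != "O4" or "] " not in it["line"]:
            continue
        target = it["line"].split("] ", 1)[1].strip().strip('"')
        if "\\" not in target:
            out.append(it["line"])
    return out


if __name__ == "__main__":
    for title, rows in (
        ("Orphans (Fix checked)", find_orphans(SAMPLE_LOG)),
        ("Unnamed, file present", [i["line"] for i in find_unnamed_present(SAMPLE_LOG)]),
        ("Bare Run targets", find_bare_run_targets(SAMPLE_LOG)),
    ):
        print(title)
        for row in rows:
            print("  " + row)
```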
struve_aalborg (Beginner)
18 March 2008 - 18:56 #14
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:54:15, on 18-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Else & Morten\Skrivebord\Virus 2\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.stofa.dk/listmessages.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.himmerland.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O15 - Trusted Zone: www.testby.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

New ComboFix log:

ComboFix 08-03-14.4 - Else & Morten 2008-03-18 18:39:35.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.446 [GMT 1:00]
Running from: C:\Documents and Settings\Else & Morten\Skrivebord\Virus 2\ComboFix.exe
Command switches used :: C:\Documents and Settings\Else & Morten\Skrivebord\Virus 2\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\atrac.dll
C:\WINDOWS\system32\drivers\xcprwwan.dat
C:\WINDOWS\system32\iifgfgf.dll
C:\Windows\System32\msiconf.exe
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\x
C:\WINDOWS\zts2.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VirusForsvar
C:\WINDOWS\R.COM
C:\WINDOWS\system32\atrac.dll
C:\WINDOWS\system32\drivers\xcprwwan.dat
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\x

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_IDXPQKNA
-------\idxpqkna


(((((((((((((((((((((((((  Files Created from 2008-02-18 to 2008-03-18  )))))))))))))))))))))))))))))))
.

2008-03-18 18:21 . 2008-03-18 18:21    <DIR>    d--------    C:\Programmer\CCleaner
2008-03-15 11:34 . 2008-03-15 12:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-15 11:34 . 2008-03-15 11:34    <DIR>    d--------    C:\Documents and Settings\Else & Morten\Application Data\SUPERAntiSpyware.com
2008-03-04 22:45 . 2008-03-04 23:42    <DIR>    d--------    C:\Documents and Settings\Else & Morten\vester†
2008-02-29 18:41 . 2008-03-11 17:03    <DIR>    d--------    C:\Documents and Settings\Else & Morten\Application Data\VirusForsvar
2008-02-29 18:41 . 2008-02-29 18:41    <DIR>    dr-------    C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-29 18:40 . 2001-03-08 18:30    24,064    --a------    C:\WINDOWS\system32\msxml3a.dll
2008-02-29 18:33 . 2008-02-29 18:47    248,864    --a------    C:\Documents and Settings\Else & Morten\Application Data\install_dk[1].exe
2008-02-26 00:10 . 2008-03-15 12:51    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-02-25 22:03 . 2008-02-25 22:03    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 20:48 . 2008-02-25 20:48    <DIR>    d--------    C:\WINDOWS\Provisioning
2008-02-25 20:48 . 2008-02-25 20:55    <DIR>    d--------    C:\WINDOWS\PeerNet
2008-02-25 20:48 . 2008-02-25 20:55    <DIR>    d--------    C:\WINDOWS\ehome
2008-02-25 20:31 . 2008-03-18 18:47    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-25 20:31 . 2008-02-25 20:31    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-25 20:22 . 2004-08-03 21:32    571,392    --a--c---    C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-25 20:21 . 2001-10-09 13:00    1,875,968    --a--c---    C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-25 20:20 . 2001-10-09 13:00    1,158,818    --a--c---    C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-25 20:19 . 2001-10-09 13:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-25 20:18 . 2001-10-09 13:00    1,677,824    --a--c---    C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-25 20:17 . 2004-08-26 16:53    2,134,528    --a--c---    C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-25 20:15 . 2004-08-26 16:53    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-25 20:13 . 2008-02-25 20:13    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-02-25 20:11 . 2004-08-03 21:21    81,920    --a--c---    C:\WINDOWS\system32\dllcache\msado27.tlb
2008-02-25 20:11 . 2004-08-26 16:53    18,432    --a--c---    C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-25 20:06 . 2004-08-26 17:53    4,274,816    --a------    C:\WINDOWS\system32\nv4_disp.dll
2008-02-25 20:06 . 2004-08-03 22:29    1,897,408    --a------    C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-25 20:05 . 2001-08-17 20:12    19,017    --a------    C:\WINDOWS\system32\drivers\RTL8029.sys
2008-02-25 20:00 . 2004-07-17 10:48    66,082    --a--c---    C:\WINDOWS\system32\dllcache\c_28603.nls
2008-02-25 20:00 . 2004-07-17 10:48    66,082    --a------    C:\WINDOWS\system32\c_28603.nls
2008-02-25 20:00 . 2001-10-09 13:00    24,661    --a------    C:\WINDOWS\system32\spxcoins.dll
2008-02-25 20:00 . 2001-10-09 13:00    24,661    --a--c---    C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-02-25 20:00 . 2001-10-09 13:00    13,312    --a------    C:\WINDOWS\system32\irclass.dll
2008-02-25 20:00 . 2001-10-09 13:00    13,312    --a--c---    C:\WINDOWS\system32\dllcache\irclass.dll
2008-02-18 20:42 . 2008-02-18 20:44    4,663,342    --a------    C:\WINDOWS\REGBK00.ZIP
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2008-02-18 20:26 . 2008-02-18 20:26    50    --a------    C:\WINDOWS\Lic.xxx

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 10:34    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-27 16:45    ---------    d-----w    C:\Programmer\Google
2008-02-17 14:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 14:28    ---------    d-----w    C:\Programmer\Lavasoft
2008-02-17 13:43    1,909    ----a-w    C:\clean.reg
2008-01-21 16:38    ---------    d-----w    C:\Documents and Settings\Else & Morten\Application Data\MSN6
2008-01-21 16:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
2003-11-15 13:18    1,702    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"MULTIMEDIA KEYBOARD"="C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe" [2000-11-28 10:18 135168]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-27 19:14 271672]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-26 16:47 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 16:18]
S3 M2400;IEEE 802.11b Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2400.sys [2003-10-28 14:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 17:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 18:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-03-18 18:53:15 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-18 17:52:12
ComboFix2.txt  2008-03-15 11:41:01
ComboFix3.txt  2008-02-25 22:59:44
.
2008-03-18 17:20:37    --- E O F ---
fromsej (Trainee)
19 March 2008 - 09:31 #15
Well, that's just #¤%&&/(#!
The latest ComboFix log is a clear example of how important it is to read each individual line closely.
I overlooked that some of what was to be deleted as files were in fact folders, hmmm.
They are sneaky ones.


Make a new CFScript with this content:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

Folder::
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use it as instructed, and paste the new log in here.
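The lesson of the post above, as an added example that is not code from the thread or from ComboFix: parse the "Files Created" section of a ComboFix report, decide file versus directory from the size and attribute columns rather than from the name, and route each deletion target to File:: or Folder:: accordingly. The sample report lines are the ones from the thread's log.

```python
"""Route ComboFix deletion targets to File:: or Folder:: based on what the
report says the entry is, not on how its name looks.

Added example, not code from the thread or from ComboFix. The sample
report below reuses lines from the thread's "Files Created" section.
"""
import re

# One "Files Created" line: created . modified  size|<DIR>  attrs  path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-zA-Z]{9})\s+"
    r"(?P<path>.+?)\s*$"
)

# Extensions a legitimate directory does not normally carry.
EXEC_EXTS = (".exe", ".dll", ".com", ".sys", ".scr", ".pif", ".bat")

SAMPLE_REPORT = r"""
2008-03-18 18:21 . 2008-03-18 18:21    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-29 18:40 . 2001-03-08 18:30    24,064    --a------    C:\WINDOWS\system32\msxml3a.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2008-02-18 20:27 . 2008-02-18 20:27    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2008-02-18 20:26 . 2008-02-18 20:26    50    --a------    C:\WINDOWS\Lic.xxx
"""


def parse_report(text):
    """Parse every 'Files Created' line into a dict; ignore other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        attrs = m.group("attrs")
        # Either marker is enough: "<DIR>" in the size column or the
        # leading "d" in the attribute column.
        is_dir = m.group("size") == "<DIR>" or attrs[0] == "d"
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "is_dir": is_dir,
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "attrs": attrs,
            "path": m.group("path"),
        })
    return entries


def executable_named_dirs(entries):
    """Directories whose name ends in an executable extension: the trick
    that made the first CFScript's File:: entries silently do nothing."""
    return [e["path"] for e in entries
            if e["is_dir"] and e["path"].lower().endswith(EXEC_EXTS)]


def route_paths(entries, targets):
    """Split targets into (files, folders) using the report's own type
    information; a path the report does not know stays a file."""
    by_path = {e["path"].lower(): e for e in entries}
    files, folders = [], []
    for path in targets:
        entry = by_path.get(path.lower())
        (folders if entry and entry["is_dir"] else files).append(path)
    return files, folders


def build_cfscript(entries, targets):
    """Render a CFScript with File:: and Folder:: sections in the thread's layout."""
    files, folders = route_paths(entries, targets)
    lines = ["Killall::", ""]
    if files:
        lines += ["File::"] + files + [""]
    if folders:
        lines += ["Folder::"] + folders + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("Directories with executable-looking names:")
    for p in executable_named_dirs(report):
        print("  " + p)
    print()
    print(build_cfscript(report, [
        r"C:\WINDOWS\zts2.exe",
        r"C:\WINDOWS\system32\atrac.dll",
        r"C:\WINDOWS\logo1_.exe",
    ]))
```

A target missing from the report falls back to File::, so after running the script confirm each path under "Other Deletions" in the resulting log, which is exactly where the first attempt's miss became visible.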
struve_aalborg (Beginner)
29 March 2008 - 14:30 #16
When I create the new CFScript file and drag it onto ComboFix, ComboFix starts (of course) and says "attempting to create a new system restore point"; a new window then opens and some files are saved! But after that ComboFix shuts down and I get no new log file from ComboFix - any ideas what is wrong???

Here is a new HijackThis log that I made after my failed attempt with ComboFix

Logfile of HijackThis v1.99.1
Scan saved at 14:28, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Else & Morten\Skrivebord\Virus 2\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.stofa.dk/listmessages.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.himmerland.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O15 - Trusted Zone: www.testby.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
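Added example (not part of the thread, and not HijackThis code): a small Python triage script that reads HijackThis entry lines and flags the things an analyst looks at first in a log like the one above. The sample lines are copied from this log; the scoring rules (the "random-looking name" check, the severity levels, the ActiveX-over-HTTP rule) are this example's own heuristics. The one non-heuristic point it encodes is a known HijackThis 2.0.2 quirk: a service whose ImagePath is quoted and carries arguments is printed as `...exe" /service (file missing)` with "Unknown owner", because the tool cuts the path at the first space, so that "(file missing)" does not mean the file is gone.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted in this
# thread (one header line kept to show it is skipped). The rules in triage() are
# this example's own heuristics, not anything HijackThis itself computes.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: JjGWqXVJP - {6818F2CD-C2B2-5867-4F7A-C62A7DA27C38} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O21 - SSODL: ...".
ENTRY = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# HijackThis 2.0.2 renders a quoted ImagePath that carries arguments as
#   <path>.exe" <args> (file missing)   with owner "Unknown owner"
# because it splits the quoted path at the first space. The file is normally present.
QUOTED_IMAGEPATH = re.compile(r'^[A-Za-z]:\\.+\.exe" \S.* \(file missing\)$')


def parse_hjt(text):
    """Return (section, body) for every entry line; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def looks_random(name):
    """Heuristic (this example's own): 6+ letters without a single vowel,
    like the 'JjGWqXVJP' SSODL entry, is not how vendors name components."""
    letters = [c.lower() for c in name if c.isalpha()]
    return len(letters) >= 6 and not any(c in "aeiou" for c in letters)


def triage(text):
    """Return (section, severity, reason, body) for each entry worth a look."""
    findings = []
    for section, body in parse_hjt(text):
        parts = body.split(" - ")
        if section == "O21":
            # ShellServiceObjectDelayLoad: loaded by Explorer at logon, rarely legitimate.
            name = parts[0].split(": ", 1)[1]
            if looks_random(name) or parts[-1] == "(no file)":
                findings.append((section, "high", "SSODL entry with random-looking name or no backing file", body))
            else:
                findings.append((section, "review", "SSODL entry; verify the CLSID and its DLL", body))
        elif parts[-1] == "(no file)":
            findings.append((section, "info", "orphaned registry entry, safe to remove", body))
        elif section == "O15":
            findings.append((section, "review", "Trusted Zone host runs with lowered IE security; confirm who added it", body))
        elif section == "O16":
            url = parts[-1].lower()
            if url.startswith("http://") and url.endswith(".exe"):
                findings.append((section, "review", "ActiveX download of an .exe over plain HTTP", body))
        elif section == "O23" and QUOTED_IMAGEPATH.match(parts[-1]):
            findings.append((section, "info", "HijackThis quoting artifact, not a missing file; check on disk", body))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "review": 0, "info": 0}
    for _, severity, _, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, severity, reason, body in results:
        print(f"[{severity:6}] {section}: {reason}\n         {body}")
    print(summarize(results))
```

On the sample the script reports the O21 SSODL line as the single high finding, the two trusted-zone/ActiveX lines for review, and the O9 "(no file)" button and the avast! service line as informational. Treat the output as a reading order, not a verdict: the O23 rule only says the "(file missing)" text is an artifact of quoting, so whether ashMaiSv.exe is actually present still has to be checked on the machine.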
fromsej (Trainee)
29 March 2008 - 15:10 #17
-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

Then follow this guide, picture by picture:
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=46516

This is the text you need to copy:

Files to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe

Paste the Avenger log in here.