CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

mikkeline74 Nybegynder

02. marts 2008 - 15:55 Der er 5 kommentarer og
1 løsning

Hjælp til log (trojan)

Så har jeg igen fået noget snavs - hverken Norton eller mit Spyware har fundet det, men der er masser af tegn på at noget er galt. 'Det der' prøver at få mig over på en hjemmeside, der hedder http://pageforsafety.com/ - har ikke downloadet noget af det som de foreslår.

Er der en venlig sjæl, som vil hjælpe? Her er loggen:

Logfile of HijackThis v1.99.1
Scan saved at 15:51:02, on 02-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\NetProject\scit.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\NetProject\sbmntr.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Norton AntiVirus\NAVW32.EXE
C:\Programmer\Geske Spyware\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programmer\Helper\1204307100.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Programmer\Sotfone\1204307103.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\GESKES~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmer\NetProject\sbmdl.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll
O4 - HKLM\..\Run: [VOBID] C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Geske diverse\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?e924aafe78b846b3838577704f6a90b9
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?e924aafe78b846b3838577704f6a90b9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.gaardlauget.com/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/IPSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotomail.billedbutikken.dk/upload/xupload/XUpload2101.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Programmer\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Synes godt om

Computer Hjælp (Gratis) Mester

02. marts 2008 - 15:59 #1

Jeg ser på den...

Synes godt om

Computer Hjælp (Gratis) Mester

02. marts 2008 - 16:02 #2

SUK - endnu én der er kommet i C:\Programmer\NetProject\ fælden...

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123

Synes godt om

mikkeline74 Nybegynder

02. marts 2008 - 22:42 #3

1) Hvad er NetProject-fælden?

2) Tak for linket - jeg har gjort alt det der står. Det eneste der ikke passer er, at der ikke er nogen SuperAntiSpyware-log. Da den kørte kunne jeg se den fandt tre skadelige emner (Trojan, malware og noget 3. som alt sammen lød som noget af det der popper op). Skal jeg køre igen for at få en log eller?

a) Hijack: se oven for

b) Rootchk:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
02-03-2008 22:17:17,23

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:17:17
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002ec

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0

c) Combofix:

ComboFix 08-03-03.4 - Tæske lækker Geske 2008-03-02 22:21:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.454 [GMT 1:00]
Running from: C:\Programmer\Geske Spyware\Virus 2008\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\Helper
C:\Programmer\Helper\1204307100.dll
C:\Programmer\Video Add-on

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 22:18 . 2004-08-27 01:53 391,168 --a------ C:\CF26775.exe
2008-03-02 16:37 . 2008-03-02 16:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-02 16:29 . 2008-03-02 16:29 <DIR> d-------- C:\Documents and Settings\Tæske lækker Geske\Application Data\SUPERAntiSpyware.com
2008-03-02 16:29 . 2008-03-02 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-29 18:45 . 2008-03-02 16:34 <DIR> d-------- C:\Programmer\Sotfone
2008-02-29 18:44 . 2008-03-02 16:34 <DIR> d-------- C:\Programmer\NetProject
2008-02-12 23:30 . 2008-02-12 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2008-02-12 23:05 . 2008-02-12 23:05 <DIR> d-------- C:\Programmer\Fælles filer\PCSuite
2008-02-12 23:05 . 2008-02-12 23:30 <DIR> d-------- C:\Programmer\Fælles filer\Nokia
2008-02-12 23:04 . 2008-02-12 23:04 <DIR> d-------- C:\Programmer\PC Connectivity Solution
2008-02-12 23:03 . 2008-02-12 23:30 <DIR> d-------- C:\Programmer\Nokia
2008-02-12 23:03 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-12 23:03 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-12 23:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-12 23:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-12 23:03 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-12 23:01 . 2008-02-12 23:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2008-02-12 22:52 . 2008-02-12 23:16 <DIR> d-------- C:\Documents and Settings\Ejer\Application Data\Nokia
2008-02-12 22:36 . 2008-02-12 22:36 <DIR> d-------- C:\Documents and Settings\Ejer\Application Data\DataLayer
2008-02-12 22:33 . 2008-02-12 23:16 <DIR> d-------- C:\Documents and Settings\Ejer\Phone Browser
2008-02-08 14:57 . 2007-10-25 15:12 <DIR> d-a------ C:\Beredskab redigering

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 21:24 --------- d-----w C:\Documents and Settings\Tæske lækker Geske\Application Data\Skype
2008-03-02 20:29 --------- d-----w C:\Programmer\Geske Spyware
2008-03-02 20:13 --------- d-----w C:\Programmer\Plaxo
2008-03-02 15:28 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-02 15:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-29 14:30 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-02-22 21:29 --------- d-----w C:\Documents and Settings\Tæske lækker Geske\Application Data\Image Zone Express
2008-02-12 22:16 --------- d-----w C:\Documents and Settings\Ejer\Application Data\PC Suite
2008-02-12 22:16 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2008-02-10 17:57 --------- d-----w C:\Documents and Settings\Ejer\Application Data\Image Zone Express
2008-02-03 10:57 --------- d-----w C:\Programmer\SopCast
2008-01-25 16:25 --------- d-----w C:\Documents and Settings\Ejer\Application Data\SopCast
2008-01-24 21:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 21:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 21:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 21:39 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 21:39 --------- d-----w C:\Programmer\Symantec
2008-01-24 21:26 --------- d-----w C:\Programmer\iTunes
2008-01-24 21:24 --------- d-----w C:\Programmer\QuickTime
2008-01-24 13:18 --------- d-----w C:\Programmer\HP
2008-01-15 19:32 --------- d-----w C:\Programmer\Picasa2
2008-01-15 14:29 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-01-04 18:56 --------- d-----w C:\Programmer\DivX
2007-12-07 02:13 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-10-18 14:33 26,999 ----a-w C:\Programmer\winmail.dat
2004-10-27 19:37 21,778,872 ----a-w C:\Programmer\iTunesSetup.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe" [2003-07-16 10:29 913408]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 20:28 68856]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
"SUPERAntiSpyware"="C:\Programmer\Geske Spyware\Virus 2008\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VOBID"="C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe" [2003-03-31 17:59 147968]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55 393728]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 57344 C:\WINDOWS\system32\ico.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"IW ControlCenter"="C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56 836096]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
"anvshell"="anvshell.exe" [2003-07-24 08:19 380928 C:\WINDOWS\anvshell.exe]
"HP Software Update"="C:\Programmer\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"AVFX Engine"="C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 18:44 20480]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-07 00:01 32768]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2004-11-19 12:56 180269]
"MaxtorOneTouch"="C:\Programmer\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 07:45 712704]
"mxomssmenu"="C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 10:15 81920]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"ALUAlert"="C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe" [2006-08-03 16:46 67264]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
Windows-pc-s›gning.lnk - C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe [2005-09-20 17:10:04 238080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\Geske Spyware\Virus 2008\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Documents and Settings\\Ejer\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmer\\SopCast\\SopCast.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-05-07 16:36]
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 11:53]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2003-04-10 12:12]
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:46]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2002-12-13 18:33]
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-11-19 03:51]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\system32\DRIVERS\Bel6001.sys [2003-07-10 04:06]
S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 00:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-11-20 00:02]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 22:24:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 22:27:34
ComboFix-quarantined-files.txt 2008-03-03 21:27:31
.
2008-02-12 23:18:04 --- E O F ---

TAKKER!!!!!!!

Synes godt om

Computer Hjælp (Gratis) Mester

02. marts 2008 - 23:11 #4

Ang.: C:\Programmer\NetProject\ ->

http://answers.yahoo.com/question/index?qid=20080213120218AAe5nTS

http://apollo.sunbelt-software.com/research/threatdisplay.aspx?name=Trojan-Downloader.Zlob.Media-Codec&threatid=44478

Altså noget 'snavs' !!! Har set/oplevet den maaaaange gange før ...

-----------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\CF26775.exe (Ved du selv hvad dette er ?)

Folders to delete:
C:\Programmer\NetProject
C:\Programmer\Sotfone
C:\Programmer\Helper\
~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programmer\Helper\1204307100.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmer\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Synes godt om

mikkeline74 Nybegynder

03. marts 2008 - 00:15 #5

Hermed gjort - de første 3 filer kan jeg ikke finde i Hijack (02, 02 og 03) - de andre er slettet. Her er de to logfiler

1)//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Mar 03 23:31:49 2008

23:31:49: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\CF26775.exe" deleted successfully.
Folder "C:\Programmer\NetProject" deleted successfully.
Folder "C:\Programmer\Sotfone" deleted successfully.

Error: folder "C:\Programmer\Helper" not found!
Deletion of folder "C:\Programmer\Helper" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

2) Logfile of HijackThis v1.99.1
Scan saved at 00:12:40, on 04-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Geske Spyware\Virus 2008\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.dr.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
O4 - HKLM\..\Run: [VOBID] C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\Geske Spyware\Virus 2008\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?e924aafe78b846b3838577704f6a90b9
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?e924aafe78b846b3838577704f6a90b9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.gaardlauget.com/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/IPSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotomail.billedbutikken.dk/upload/xupload/XUpload2101.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Programmer\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

3) Skal jeg gemme alle de programmer jeg nu har downloadet og supplerer de dermed de andre spyware og virusprogrammer jeg har? Kan se af Super Anti Spyware popper op når jeg starter - men kan jeg selv afkode nogle af resultaterne eller skal jeg herind eller?

endnu engang tak - og sov godt :-)

Synes godt om

Computer Hjælp (Gratis) Mester

03. marts 2008 - 00:46 #6

Lige efter 'bogen' på de gode sider *S*

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

------------

SuperAntiSpyware kan du evt. afinstall ved lejlighed...
Avenger mappen kan du også slette.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
mulig ukendt virus Af jackie18 i Virus	3	I går 14:07	I går 16:39
virus popper op med jævne mellemrum Af Malm i Virus	9	I går 11:40	I går 17:59
Total AV Af Malm i Virus	10	16/01/202516:48	17/01/202520:47
pop up black friday Af Malm i Virus	12	22/11/202420:49	03/12/202411:04
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

14:20

Ugen i tech: Her er Nintendo Switch 2 / Stortest: Disse elbiler kører længst i vinterkulden

17/01

Test: To skarpe og vidt forskellige bud på, hvordan en 27” kontorskærm anno 2025 skal skæres

17/01

Danske Commodore 64-entusiaster mødtes til en hemmelig undergrundsfest: I dag har de sat varige spor på den danske it-branche

17/01

Nørgaard: Skal vi satse på open source eller amerikansk big tech i denne urolige tid?

17/01

TikTok skal have fundet en ny ejer i USA inden søndag: Nu er alle parter løbet tør for manøvrerum - hvad kommer der til at ske?

17/01

I dag træder ny stor sikkerhedslov fra EU i kraft: Dora-forordningen er nu gældende lov

17/01

Apps fra danske Trophy Games udnyttes i overvågningsnetværk - topchef Søren Gleie er frustreret

17/01

EU klar med ny plan: Skal beskytte sundhedssektoren mod cyberangreb

17/01

Ib Kunøe overvejer at trække nye ejere ind eller fusionere Columbus med andre selskaber - aktiekursen buldrer i vejret

17/01

Ransomware-angreb mod AWS-brugere kan udvikle sig til 'systemisk trussel'

17/01

Der er ingenting at frygte: Vi skal byde AI velkommen med åbne arme

Vis flere artikler

IT-JOB

Region Midtjylland

It-supporter til Servicedesk – et job for dig, der vil gøre en forskel for Region Midtjylland!

BEC

IT Risk Consultant

Netcompany A/S

Data Management Consultant

Sydbank

Automation Developer til Operations

Udviklings- og Forenklingsstyrelsen

Kvalitetsbevidst tekniker med værktøjsinteresse?

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I dag 10:38	Ændre udseende move tool i PhotoShop Af clausito i Billedbehandling
I dag 09:53	massgrave-afhjælpe problem med microsoft licens Af Uvanga i Andet software
I går 14:07	mulig ukendt virus Af jackie18 i Virus
I går 13:40	Synology NAS -> Docker -> qBitTorrent "errored" Af MortenBoye i NAS & storage
I går 12:14	Find og indsæt et tal i en "database" Af 1Dorte i Excel