CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede mikkeline74 Nybegynder
02. marts 2008 - 15:55 Der er 5 kommentarer og
1 løsning

Hjælp til log (trojan)

Så har jeg igen fået noget snavs - hverken Norton eller mit Spyware har fundet det, men der er masser af tegn på at noget er galt. 'Det der' prøver at få mig over på en hjemmeside, der hedder http://pageforsafety.com/ - har ikke downloadet noget af det som de foreslår.

Er der en venlig sjæl, som vil hjælpe? Her er loggen:

Logfile of HijackThis v1.99.1
Scan saved at 15:51:02, on 02-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\NetProject\scit.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\NetProject\sbmntr.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Norton AntiVirus\NAVW32.EXE
C:\Programmer\Geske Spyware\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programmer\Helper\1204307100.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Programmer\Sotfone\1204307103.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\GESKES~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmer\NetProject\sbmdl.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll
O4 - HKLM\..\Run: [VOBID] C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Geske diverse\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?e924aafe78b846b3838577704f6a90b9
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?e924aafe78b846b3838577704f6a90b9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.gaardlauget.com/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/IPSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotomail.billedbutikken.dk/upload/xupload/XUpload2101.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) -  - C:\Programmer\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede Computer Hjælp (Gratis) Mester
02. marts 2008 - 15:59 #1
Jeg ser på den...
Avatar billede Computer Hjælp (Gratis) Mester
02. marts 2008 - 16:02 #2
SUK - endnu én der er kommet i C:\Programmer\NetProject\ fælden...

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede mikkeline74 Nybegynder
02. marts 2008 - 22:42 #3
1) Hvad er NetProject-fælden?

2) Tak for linket - jeg har gjort alt det der står. Det eneste der ikke passer er, at der ikke er nogen SuperAntiSpyware-log. Da den kørte kunne jeg se den fandt tre skadelige emner (Trojan, malware og noget 3. som alt sammen lød som noget af det der popper op). Skal jeg køre igen for at få en log eller?

a) Hijack: se oven for

b) Rootchk:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
02-03-2008 22:17:17,23

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:17:17
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002ec

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0

c) Combofix:

ComboFix 08-03-03.4 - Tæske lækker Geske 2008-03-02 22:21:08.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.454 [GMT 1:00]
Running from: C:\Programmer\Geske Spyware\Virus 2008\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\Helper
C:\Programmer\Helper\1204307100.dll
C:\Programmer\Video Add-on

.
(((((((((((((((((((((((((  Files Created from 2008-02-03 to 2008-03-03  )))))))))))))))))))))))))))))))
.

2008-03-02 22:18 . 2004-08-27 01:53    391,168    --a------    C:\CF26775.exe
2008-03-02 16:37 . 2008-03-02 16:37    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-02 16:29 . 2008-03-02 16:29    <DIR>    d--------    C:\Documents and Settings\Tæske lækker Geske\Application Data\SUPERAntiSpyware.com
2008-03-02 16:29 . 2008-03-02 16:29    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-29 18:45 . 2008-03-02 16:34    <DIR>    d--------    C:\Programmer\Sotfone
2008-02-29 18:44 . 2008-03-02 16:34    <DIR>    d--------    C:\Programmer\NetProject
2008-02-12 23:30 . 2008-02-12 23:30    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2008-02-12 23:05 . 2008-02-12 23:05    <DIR>    d--------    C:\Programmer\Fælles filer\PCSuite
2008-02-12 23:05 . 2008-02-12 23:30    <DIR>    d--------    C:\Programmer\Fælles filer\Nokia
2008-02-12 23:04 . 2008-02-12 23:04    <DIR>    d--------    C:\Programmer\PC Connectivity Solution
2008-02-12 23:03 . 2008-02-12 23:30    <DIR>    d--------    C:\Programmer\Nokia
2008-02-12 23:03 . 2007-02-22 10:15    137,216    --a------    C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-12 23:03 . 2007-02-22 10:15    65,536    --a------    C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-12 23:03 . 2007-02-22 10:15    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-12 23:03 . 2007-02-22 10:15    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-12 23:03 . 2007-02-22 10:15    8,320    --a------    C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-12 23:01 . 2008-02-12 23:29    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2008-02-12 22:52 . 2008-02-12 23:16    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Nokia
2008-02-12 22:36 . 2008-02-12 22:36    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\DataLayer
2008-02-12 22:33 . 2008-02-12 23:16    <DIR>    d--------    C:\Documents and Settings\Ejer\Phone Browser
2008-02-08 14:57 . 2007-10-25 15:12    <DIR>    d-a------    C:\Beredskab redigering

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 21:24    ---------    d-----w    C:\Documents and Settings\Tæske lækker Geske\Application Data\Skype
2008-03-02 20:29    ---------    d-----w    C:\Programmer\Geske Spyware
2008-03-02 20:13    ---------    d-----w    C:\Programmer\Plaxo
2008-03-02 15:28    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-02 15:25    ---------    d-----w    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-29 14:30    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-22 21:29    ---------    d-----w    C:\Documents and Settings\Tæske lækker Geske\Application Data\Image Zone Express
2008-02-12 22:16    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\PC Suite
2008-02-12 22:16    ---------    d-----w    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2008-02-10 17:57    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\Image Zone Express
2008-02-03 10:57    ---------    d-----w    C:\Programmer\SopCast
2008-01-25 16:25    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\SopCast
2008-01-24 21:39    805    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 21:39    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 21:39    123,952    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 21:39    10,740    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 21:39    ---------    d-----w    C:\Programmer\Symantec
2008-01-24 21:26    ---------    d-----w    C:\Programmer\iTunes
2008-01-24 21:24    ---------    d-----w    C:\Programmer\QuickTime
2008-01-24 13:18    ---------    d-----w    C:\Programmer\HP
2008-01-15 19:32    ---------    d-----w    C:\Programmer\Picasa2
2008-01-15 14:29    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-01-04 18:56    ---------    d-----w    C:\Programmer\DivX
2007-12-07 02:13    824,832    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2005-10-18 14:33    26,999    ----a-w    C:\Programmer\winmail.dat
2004-10-27 19:37    21,778,872    ----a-w    C:\Programmer\iTunesSetup.exe
2001-11-23 04:08    712,704    ----a-w    C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe" [2003-07-16 10:29 913408]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 20:28 68856]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
"SUPERAntiSpyware"="C:\Programmer\Geske Spyware\Virus 2008\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VOBID"="C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe" [2003-03-31 17:59 147968]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55 393728]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 57344 C:\WINDOWS\system32\ico.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"IW ControlCenter"="C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56 836096]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
"anvshell"="anvshell.exe" [2003-07-24 08:19 380928 C:\WINDOWS\anvshell.exe]
"HP Software Update"="C:\Programmer\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"AVFX Engine"="C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 18:44 20480]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-07 00:01 32768]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2004-11-19 12:56 180269]
"MaxtorOneTouch"="C:\Programmer\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 07:45 712704]
"mxomssmenu"="C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 10:15 81920]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"ALUAlert"="C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe" [2006-08-03 16:46 67264]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
Windows-pc-s›gning.lnk - C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe [2005-09-20 17:10:04 238080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\Geske Spyware\Virus 2008\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Documents and Settings\\Ejer\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmer\\SopCast\\SopCast.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-05-07 16:36]
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 11:53]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2003-04-10 12:12]
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:46]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2002-12-13 18:33]
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-11-19 03:51]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\system32\DRIVERS\Bel6001.sys [2003-07-10 04:06]
S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 00:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-11-20 00:02]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 22:24:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 22:27:34
ComboFix-quarantined-files.txt  2008-03-03 21:27:31
.
2008-02-12 23:18:04    --- E O F --- 




TAKKER!!!!!!!
Avatar billede Computer Hjælp (Gratis) Mester
02. marts 2008 - 23:11 #4
Ang.: C:\Programmer\NetProject\ ->

http://answers.yahoo.com/question/index?qid=20080213120218AAe5nTS

http://apollo.sunbelt-software.com/research/threatdisplay.aspx?name=Trojan-Downloader.Zlob.Media-Codec&threatid=44478

Altså noget 'snavs' !!! Har set/oplevet den maaaaange gange før ...

-----------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\CF26775.exe (Ved du selv hvad dette er ?)

Folders to delete:
C:\Programmer\NetProject
C:\Programmer\Sotfone
C:\Programmer\Helper\
~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programmer\Helper\1204307100.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmer\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.
Avatar billede mikkeline74 Nybegynder
03. marts 2008 - 00:15 #5
Hermed gjort - de første 3 filer kan jeg ikke finde i Hijack (02, 02 og 03) - de andre er slettet. Her er de to logfiler

1)//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Mar 03 23:31:49 2008

23:31:49: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\CF26775.exe" deleted successfully.
Folder "C:\Programmer\NetProject" deleted successfully.
Folder "C:\Programmer\Sotfone" deleted successfully.

Error:  folder "C:\Programmer\Helper" not found!
Deletion of folder "C:\Programmer\Helper" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


2) Logfile of HijackThis v1.99.1
Scan saved at 00:12:40, on 04-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Geske Spyware\Virus 2008\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.dr.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
O4 - HKLM\..\Run: [VOBID] C:\Programmer\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programmer\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmer\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmer\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Geske diverse\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\Geske Spyware\Virus 2008\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?e924aafe78b846b3838577704f6a90b9
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?e924aafe78b846b3838577704f6a90b9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.gaardlauget.com/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/IPSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotomail.billedbutikken.dk/upload/xupload/XUpload2101.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\Geske Spyware\Virus 2008\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\Geske diverse\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmer\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) -  - C:\Programmer\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

3) Skal jeg gemme alle de programmer jeg nu har downloadet og supplerer de dermed de andre spyware og virusprogrammer jeg har? Kan se af Super Anti Spyware popper op når jeg starter - men kan jeg selv afkode nogle af resultaterne eller skal jeg herind eller?

endnu engang tak - og sov godt :-)
Avatar billede Computer Hjælp (Gratis) Mester
03. marts 2008 - 00:46 #6
Lige efter 'bogen' på de gode sider *S*

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

------------

SuperAntiSpyware kan du evt. afinstall ved lejlighed...
Avenger mappen kan du også slette.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:51 Hvordan slukker man tastatur lys på en PC (AMD Ryzen 5 3550H) Af Philip Kuhlmann i PC
I går 14:35 eftersøger pinnacle14 ultimate Af Janove i Foto & video
I går 13:45 Langsom forbindelse gennem ethernetkabel Af Esben i LAN/WAN
31/0823:37 Poe strøm Af lurup i LAN/WAN
31/0814:46 GIF-EDITOR Af snestrup2000 i Billedbehandling
White papers
Flere white papers »


Premium
Teaser billede
Danmarks to store it-styrelser skal reduceres markant: Skal samlet sige farvel til hver fjerde stilling i de kommende år
Læs mere »
Nu når en af Danmarks helt store GDPR-retssager til vejs ende: Står over for bødekrav på 800.000 kroner
Regeringen vil reducere bevilling til Datatilsynet med millioner: Skal bruge væsentligt færre penge på løn og tilsyn
Selskab med 40.000 ansatte dropper VMware efter ballade - vælger anden løsning
Se alle »
Computerworld
Teaser billede
Næste måned skifter din iPhones Apple-id til et nyt navn
Læs mere »
Nærmest selvkørende: Jeg kørte fra Roskilde til København uden at røre rattet
Test: Denne laptop rammer plet - er utrolig slank men alligevel utrolig stærk
Test af Tesla Model 3 Performance: Aldrig har man fået så meget sportsvogn til så få penge
Se alle »
CIO
Teaser billede
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
Læs mere »
DSB køber cloud-løsning til 420 millioner kroner af hollandsk it-selskab: Skal afløse 30 år gammelt system
Topchef: Public cloud er alt for dyrt og besværligt - fremtiden for virksomhederne er et helt andet sted
Detailkæde har mistet over 65 millioner kroner efter cyberangreb – kræver erstatning fra it-leverandør
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
KMD-direktør forlader selskabet: Det skal hun nu
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
Til åbningsfest i det nye NNIT-hovedkontor: ”Som at flytte til New York sammenlignet med der hvor vi kommer fra” - se billederne
Se alle »
White paper
Teaser billede
Sådan: Sikker, hurtig og fleksibel storage til dine kritiske data
Læs mere »
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
AI’s rolle i fremtidens projektledelse
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »