Missing system32
From: Simmaster
Viewed: 2542 times
300 points
Date: 09-04-06 23:17

Hi, I think I have got a virus; my computer is acting up.
LimeWire, my file-sharing program, started launching by itself, and when I closed it, it just started again.
So I have been hunting around a bit to see whether there might be something nasty.
I cannot open my Task Manager, and to my great surprise the folder c:\windows\system32 is missing on my computer, very mysterious. I have tried safe mode without luck, I have run a scan with Spybot Search and Destroy, I have scanned with Norton, nothing works.

Has anyone experienced something similar? I think system32 is there but is just hidden from me; I would not think I could use Windows at all without system32.
I cannot use my command prompt either; I get a message that the program is in use by another process. I am sure it has something to do with the virus.

My big question is: which virus behaves the way I describe? That is, I need its name, and possibly a link to a guide for removing it.

I will raise the points to 300 if I get an answer I can use.

Regards, Jacob

 
 
Comment
From: Simmaster

Date: 09-04-06 23:21

Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 22:07:34, on 09-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Microsoft Hardware\Keyboard\type32.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\limewire\limewire.exe
C:\Documents and Settings\carsten\Skrivebord\hijack\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Programmer\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDK
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121622342015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe



Comment
From: o.v.n.

Date: 09-04-06 23:37

I am not good at reading HijackThis, but as far as I can see there is something there that should not be. Try looking in at www.arlet.dk and click the options under "Hvis du har fået" ("If you have got"), and/or download and run SuperAntiSpyware: http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Comment
From: stl_s

Date: 10-04-06 01:34

Run the scanner that o.v.n. links to. Restart, and post a new HijackThis log. Then I will look at it (again).

Comment
From: o.v.n.

Date: 10-04-06 01:58

Simmaster, in case you do not know, stl_s is an expert in HijackThis, so now you are in good hands.

Comment
From: briani

Date: 10-04-06 08:05

Hi

TRY THIS FIRST

Go to Start - Run - type: sfc /scannow
There must be a space between sfc and /scannow
And you must have your Windows XP CD in the drive while you do this.

What this command does is that if you have lost a system file or had one damaged, it is repaired/restored.

NOTE
It can take a long time, so arm yourself with patience.

And then just try this.

First go into your Folder Options (find it in your Control Panel) and click the View tab.
Here you remove the check mark from
Hide protected operating system files
Hide extensions for known file types
And put a check mark in: Show hidden files and folders

Then right-click My Computer, choose Properties, go to the System Restore tab, and turn off System Restore on all drives (put a check mark)

Then download this virus scanner

http://www.spywareinfo.dk/download/mwav.exe

Then restart in safe mode (press F8 repeatedly)
Once it has started in safe mode, run the scanner you downloaded. Enable everything in its settings so it can scan everything. Arm yourself with patience; it can take from 1 to 2 hours depending on how much you have on your PC.

When it is done, restart normally, re-enable your System Restore and set your Folder Options back again.

Regards
Brian

Comment
From: sofus.dk

Date: 10-04-06 09:05

Does not help against viruses
This one looks suspicious
C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
I seem to remember it as a nasty piece of work, one of the worse ones.


Comment
From: Simmaster

Date: 10-04-06 15:27

I have scanned again with SUPERAntiSpyware and run a new HijackThis; here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 15:10:29, on 10-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\WINDOWS\Explorer.EXE
C:\CFusion\jrun\bin\jrun.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Microsoft Hardware\Keyboard\type32.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\carsten\Skrivebord\hijack\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Programmer\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDK
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121622342015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe



Hehe, I had been eyeing C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe a bit
and suspected it, but I have not touched it... Yet

Regards, Jacob

Comment
From: Simmaster

Date: 10-04-06 15:38

Have also had a look at these 2 suspicious fellows.

C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

I know that it can have something to do with update, but I have also read that it can be a camouflaged trojan



Comment
From: Simmaster

Date: 10-04-06 15:50

I am a bit curious by nature, so I also do a little research myself, and I have looked at various HijackThis log files, and in one of them I saw someone who had 2 C:\WINDOWS\system32\wuauclt.exe, just like me. He then does a bit more with various scanners and makes a new log; here he has only 1 C:\WINDOWS\system32\wuauclt.exe, so my suspicion of this one is rather strong. What do you think: am I completely wrong, or am I on to something here?

Jacob
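
Added example, not part of the original thread: the location check behind the "camouflaged trojan" concern in the posts above, run over a few lines excerpted from the HijackThis log posted in this thread. It flags running processes and startup-folder items that carry the name of a core Windows binary but do not sit in the directory that binary is expected in; the name list `EXPECTED_SUBDIR` and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: a short list of core Windows XP binaries and the
# only directory (relative to %SystemRoot%) each one is expected to run from.
EXPECTED_SUBDIR = {
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "wuauclt.exe": "system32",
    "explorer.exe": "",
}

# Lines excerpted from the HijackThis log posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
"""


def running_processes(log_text):
    """Return the paths listed in the 'Running processes:' section."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                if paths:
                    break  # the blank line after the list ends the section
                continue
            paths.append(line)
    return paths


def startup_folder_items(log_text):
    """Return (name, target) pairs from 'O4 - Startup' / 'O4 - Global Startup' lines."""
    items = []
    for line in log_text.splitlines():
        m = re.match(r"O4 - (?:Global )?Startup: (.+)$", line.strip())
        if m:
            # Shortcut entries look like "name.lnk = target"; plain files have no target.
            name, _, target = m.group(1).partition(" = ")
            items.append((name.strip(), target.strip()))
    return items


def find_masquerades(log_text, system_root=r"C:\WINDOWS"):
    """Flag system-binary names that appear outside their expected directory."""
    root = system_root.lower().rstrip("\\")
    findings, seen = [], set()
    for path in running_processes(log_text):
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_SUBDIR:
            continue
        expected = ntpath.join(root, EXPECTED_SUBDIR[name]).rstrip("\\")
        if ntpath.dirname(path).lower() != expected and path.lower() not in seen:
            seen.add(path.lower())
            findings.append(("process", path))
    for name, target in startup_folder_items(log_text):
        # A startup folder is never the expected home of a core system binary.
        if ntpath.basename(target or name).lower() in EXPECTED_SUBDIR:
            findings.append(("startup", name))
    return findings


if __name__ == "__main__":
    for kind, item in find_masquerades(SAMPLE_LOG):
        print(f"{kind}: {item}")
```

The path check is only a first filter: a file that sits in the expected directory passes it regardless of what the file actually contains.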

Comment
From: Simmaster

Date: 10-04-06 16:26

Have just run a scan with TrojanHunter and here is what it found and removed.

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
Port 8110/TCP is open (Matches LoseLove.100. Port being used by process ntConsoleJava.exe/PID 2132)    (Tell me more about port alerts...)
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe (TrojanDropper.VB.130)
Found trojan file: C:\Documents and Settings\carsten\Dokumenter\Modtagne filer\_\#1 Cd Ripper 1.72.86.exe (TrojanDropper.VB.130)
Found trojan file: C:\Documents and Settings\carsten\Dokumenter\Modtagne filer\_\#1 Video Converter v3.7.2.exe (TrojanDropper.VB.130)
Found trojan file: C:\Documents and Settings\carsten\Dokumenter\Modtagne filer\_\1939 Battlefleet.exe (TrojanDropper.VB.130)
Error: Error while unpacking C:\Programmer\Alcohol Soft\Alcohol 120\Langs\AX_HU.dll: Access violation at address 77C378C0 in module 'msvcrt.dll'. Read of address 8322A8BC
Error: Error while unpacking C:\Programmer\Alcohol Soft\Alcohol 120\Langs\AX_SK.dll: Access violation at address 77C378AC in module 'msvcrt.dll'. Read of address 0FDEC602
Found trojan file: C:\Programmer\BitComet\Downloads\LimeWire PRO 4.10.8.2\LimeWire PRO v4.10.8.2.exe (TrojanDropper.Agent.189)
Found adware file: C:\Programmer\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch.104)
Found adware file: C:\Programmer\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch.105)
Found adware file: C:\Programmer\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch.106)
Found trojan file: C:\RECYCLER\S-1-5-21-2000478354-1637723038-839522115-1003\Dc3.exe (TrojanDropper.VB.130)
Found adware file: C:\WINDOWS\Downloaded Program Files\cssweb.dll (Adware.CssWeb.100)
264 files identified

Quite a lot, actually. I'll run a new hijack scan in a moment and post it here too.

Comment
From: Simmaster


Date: 10-04-06 16:30

Well, I did get quite a bit removed... But the system32 folder is still missing, and I still can't use Task Manager.

Here is the latest hijack log

Logfile of HijackThis v1.99.1
Scan saved at 16:22:51, on 10-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\WINDOWS\Explorer.EXE
C:\CFusion\jrun\bin\jrun.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Microsoft Hardware\Keyboard\type32.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\TrojanHunter 4.5\THGuard.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\carsten\Skrivebord\hijack\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Programmer\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe.tcf
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDK
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121622342015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe



Comment
From: briani


Date: 10-04-06 17:06

Have you tried what I wrote in my comment further up??

Brian

Accepted answer
From: stl_s

Received 300 points
Date: 10-04-06 17:17

You've paid a visit to SmileyCentral and been "lucky" enough to pick up MyWebSearch, and a lot of other "good stuff", which you most likely got via LimeWire. The scanners have caught the worst of it, as the log shows. There is only a little cleanup left.


To be able to see all files and folders, do this: http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Then let's try to make System32 visible again. Go to the Command Prompt and type: attrib -h c:\windows\system32 and press <enter>. Then you should be able to see it in Explorer again. If not, go up to the View drop-down menu and click Refresh.


Run a scan with HijackThis, so you can see all files. Close all windows, tick these lines, and click Fix checked.

O4 - Global Startup: svchost.exe.tcf
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDK
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab


Delete this file (it has been renamed by TrojanHunter, but it has to go anyway). Open Explorer and browse to it.

Documents and Settings/Menuen Start/All Users/Programmer/Start/svchost.exe.tcf


Then let's try to bring Task Manager back to life, along with whatever else may have been disabled. Download this file: http://freeweb.siol.net/razor256/downloads/InfiltrationRecoveryTool.zip

Unpack it and run it. Make sure no boxes are ticked, and click Apply. Restart, and see whether things work again.


Two instances of wuauclt.exe can well be running at the same time. You don't have any more trojans, since your scanners would then have found them. It would also have put the file in a different folder, and it would also be visible in the Run keys.


You should be clean now, but let me just see one last log.


Btw, Norton hasn't been particularly useful, I must say. It actually never is. I think you should replace it with something better. If you are going to share files, you need better protection, so I can only recommend that you buy TrojanHunter and, for example, Kaspersky Antivirus. That will protect you considerably better. Have a look here for protection software: http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
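
Added example (not part of the thread, and not code from HijackThis or any scanner): Python that picks out of a HijackThis log the kind of entry removed above, a running process or startup-folder item that borrows a Windows system process name but sits outside the system directory. It assumes Windows is installed in C:\WINDOWS, as in the posted log; the function names are made up for the illustration, and the sample is an excerpt of the log posted in this thread.

```python
import ntpath
import re

# Normal directory for core Windows XP process names (all lower-case).
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe

O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe.tcf
"""

def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    start = lines.index("Running processes:") + 1
    procs = []
    for line in lines[start:]:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs

def masquerading_processes(log):
    """Processes with a system process name that run from another directory."""
    hits = []
    for path in running_processes(log):
        directory, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            hits.append(path)
    return hits

def suspicious_startup_items(log):
    """O4 startup-folder items whose name starts with a system process name."""
    hits = []
    for m in re.finditer(r"^O4 - (?:Global )?Startup: (.+?)(?: = .*)?$", log, re.M):
        item = m.group(1).strip()
        if any(item.lower().startswith(name) for name in EXPECTED_DIR):
            hits.append(item)
    return hits
```

A hit only means the entry deserves a closer look; the name list covers a handful of core processes and says nothing about files that use other names.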








Answer approval
From: Simmaster


Date: 10-04-06 19:03

Thanks for the answer, stl_s.

Many, many thanks for the help. Now I can curse myself a bit for being such an impatient soul: I chose to format and reinstall, but thanks for spending your time on this.
I'll have a look at Kaspersky and TrojanHunter, and by the way I will NEVER use LimeWire again. hehe

Regards, Jacob

Comment
From: stl_s


Date: 10-04-06 19:31

If I had got home from work a little earlier, you might not have needed to format. But okay, at least you now have a completely fresh machine.

Thanks for the points.
