IEXPLORE.EXE virus problem




  #1  
19 January 2008, 09:02
Donor Group

Hi!
I noticed I had a problem when I heard music mysteriously playing. I checked and saw a bunch of IEXPLORE.EXE processes running.

I ran NAV, Ad-Aware and Defender, and then followed the instructions you specified. Thanks in advance for the help. Here are the logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 08:53

Application Version: 3.9.1008

Core Rules Database Version: 3384
Trace Rules Database Version: 1378

Scan type: Complete Scan
Total Scan Time: 01:01:52

Memory poster scannet: 576
Memory trusler opdaget: 0
Topdomæneadministratoren poster scannet: 7837
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 66011
File trusler opdaget: 60

Adware.Tracking Cookie







# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# Udgangen = færdig
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-19 03:34:06
# Local_time = 2008-01-19 10:34:06 (-0500, Eastern Standard Time)
# Land = "USA"
# OSVer = 5.1.2600 NT Service Pack 2
# Scannet = 394948
# Fundet = 14
# Scan_time = 2493
C: \ MSInfnd.exe sandsynligvis en variant af Win32/Hupigon trojan (ude af stand til at rengøre - udgår) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc flere infiltration (udgået) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» BlackBox.class en variant af Java / ClassLoader trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» VerifierBug.class JS / IEStart.G trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» Dummy.class Java / NoCheat.B trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-3f7c5e12 en variant af Java / ClassLoader trojanske (udgået) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-3f7c5e12 »ZIP» BlackBox.class en variant af Java / ClassLoader trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d flere infiltration (udgået) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» BlackBox.class en variant af Java / ClassLoader trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» VerifierBug.class JS / IEStart.G trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søn \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» Dummy.class Java / NoCheat.B trojanske (fejl under rengøring - operation utilgængelig for denne type objekt - fejl under sletning - operation utilgængelige for denne type objekt - var en del af de slettede objekt) 00000000000000000000000000000000
C: \ Programmer \ Common Files \ Microsoft Shared \ MSInfo \ MSInfnd.exe sandsynligvis en variant af Win32/Hupigon trojan (ude af stand til at rengøre - udgår) 00000000000000000000000000000000
C: \ WINDOWS \ system32 \ _MSInfnd.exe sandsynligvis en variant af Win32/Hupigon trojan (ude af stand til at rengøre - udgår) 00000000000000000000000000000000
D: \ MSInfnd.exe sandsynligvis en variant af Win32/Hupigon trojan (ude af stand til at rengøre - udgår) 00000000000000000000000000000000








Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 10:55:08 den 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Programmer \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Programmer \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Programmer \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Programmer \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programmer \ Yahoo! \ NAV \ navapsvc.exe
C: \ Programmer \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Programmer \ Cyberlink \ Shared files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programmer \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Programmer \ Dell \ QuickSet \ quickset.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programmer \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Programmer \ PhatNoise Music Manager \ PNAgent.exe
C: \ Programmer \ Windows Defender \ MSASCui.exe
C: \ DOCUME ~ 1 \ Sundeep \ LOCALS ~ 1 \ Temp \ clclean.0001
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Programmer \ Hamachi \ hamachi.exe
C: \ Programmer \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Programmer \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Programmer \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Programmer \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programmer \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe" / start
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Programmer \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistens] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel og Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Programmer \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programmer \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Programmer \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Programmer \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Programmer \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Send til & Bluetooth-enhed ... - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programmer \ PartyGaming \ PartyPoker \ RunApp.exe (file mangler)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programmer \ PartyGaming \ PartyPoker \ RunApp.exe (file mangler)
O9 - Ekstra knap: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O10 - Broken Internet adgang på grund af LSP provider 'c: \ Programmer \ Bonjour \ mdnsnsp.dll »manglende
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Programmer \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Programmer \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programmer \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C: \ Programmer \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C: \ Programmer \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programmer \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Ukendt ejer - C: \ Programmer \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (filen mangler)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programmer \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Programmer \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programmer \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown ejer - C: \ Programmer \ Cyberlink \ Shared files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programmer \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Programmer \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Programmer \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 11743 bytes
  #2  
19 January 2008, 09:39
Editor Group

Welcome to TCF.


Open HJT and select Do a system scan only, then place a checkmark next to:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O9 - Ekstra knap: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programmer \ PartyGaming \ PartyPoker \ RunApp.exe (file mangler)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programmer \ PartyGaming \ PartyPoker \ RunApp.exe (file mangler)


Close all windows except HJT and click Fix checked.

----------
  • Double-click the downloaded file to run the installation.
During installation:
  • Leave all settings at their defaults except TeaTimer (make sure to uncheck that option during installation).
  • TeaTimer can be a resource hog and can also block the removal of some malware problems.
    • If you already have TeaTimer enabled, see the bottom of this post for how to disable it.
  • Do the recommended registry backup.
  • During installation, agree to Search for updates now to install updates.
  • Agree to Immunize the system.
  • Make sure you leave SDHelper (IE bad download blocker) checked to install.
After installation:
  • Always check for an update before running a scan.
  • If you get bad checksum errors when you try to update, just choose a different server location.
  • Also look for the Immunize feature in Spybot and use it.
    • First, in the left-hand column, click the Immunize icon, and it will examine what needs to be immunized.
    • When it has finished, leave the default settings and click the green plus sign at the top that says Immunize.
  • Close ALL browser windows.
  • Now click the Search & Destroy icon (top left).
  • Then, on the top menu, click the Check for problems button to start the scan.
    • Be patient, this can take some time to run.
    • Progress will be shown in the status bar at the bottom of the window.
    • Do not run other scans while Spybot is running.
  • When the scan is complete, make sure to select everything and then click Fix selected problems on the top menu bar.
NOTE: Every time you install updates for Spybot, check for new immunizations by following the steps above.

----------

Run a new scan with HJT and post the log after Spybot has finished.

__________________
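
A small triage script for the kind of entries selected in the post above, as an added example that is not part of the original thread: it flags O1 hosts-file lines that point a hostname at a non-loopback address and entries whose file is reported as missing, then checks whether those lines are gone from a follow-up log. The selection rules, the function names and the trimmed sample logs (constructed from entries in this thread, written in HijackThis's usual English layout) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# "O1 - Hosts: ..." -> section code "O1", body "Hosts: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
# HijackThis marks orphaned registry entries with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
# Hosts entries that only block a name, rather than redirect it elsewhere.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass(frozen=True)
class Finding:
    code: str      # HijackThis section code, e.g. "O1"
    reason: str    # "hosts-redirect" or "missing-file"
    line: str      # the full log line, whitespace-trimmed


def triage(log_text):
    """Return the log entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list, blank line
        code, body = entry["code"], entry["body"]
        if code == "O1":
            hosts = HOSTS_RE.match(body)
            if hosts and hosts["ip"] not in LOOPBACK:
                findings.append(Finding(code, "hosts-redirect", line))
        elif MISSING_RE.search(body):
            findings.append(Finding(code, "missing-file", line))
    return findings


def unresolved(before_log, after_log):
    """Findings from the first log whose exact line is still in the second."""
    remaining = {line.strip() for line in after_log.splitlines()}
    return [f for f in triage(before_log) if f.line in remaining]


# Constructed sample: a few entries from the first log in this thread.
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

# Constructed sample: the same entries as they appear in the follow-up log.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
"""

if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f"{f.reason:15} {f.line}")
    print("still present after the fix:", len(unresolved(BEFORE_LOG, AFTER_LOG)))
```
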

  #3  
19 January 2008, 15:11
Donor Group

Ok, here is the new log:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 5:09:34 PM, den 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Programmer \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Programmer \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Programmer \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Programmer \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programmer \ Yahoo! \ NAV \ navapsvc.exe
C: \ Programmer \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Programmer \ Cyberlink \ Shared files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programmer \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Programmer \ Dell \ QuickSet \ quickset.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programmer \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ Programmer \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Programmer \ PhatNoise Music Manager \ PNAgent.exe
C: \ Programmer \ Windows Defender \ MSASCui.exe
C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ DOCUME ~ 1 \ Sundeep \ LOCALS ~ 1 \ Temp \ clclean.0001
C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Programmer \ Hamachi \ hamachi.exe
C: \ Programmer \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Programmer \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Programmer \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Programmer \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programmer \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Programmer \ Google \ Google Desktop Search \ GoogleDesktop.exe" / start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\Program Files\Bonjour\mdnsnsp.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\iwp\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11469 bytes

#4
19 January 2008, 15:24
Editor Group

I messed up part of the directions from earlier.

The log looks fine, but how is the PC now?

#5
20 January 2008, 07:40
Donor Group

It's gone! Thank you so much for your help!

#6
20 January 2008, 09:48
Editor Group

Sounds good. I left out the download link from post #2 for Spybot. I would suggest installing it and running a scan with it. Download Spybot-S&D. Use the instructions from post #2 to set it up correctly.

This is a good time to clear your infected System Restore points and establish a new, clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Next, go to Start > Run and type cleanmgr
  • Select the More Options tab
  • Next to System Restore, click Clean up...
This will remove all restore points except the new one you just created.

Check out this post for free tools and tips to keep the PC and yourself safe in the future.

This post has free tools and advice to keep the PC running smoothly in the future.

#7
21 January 2008, 04:57
Banned Group

You were infected with a RAT (Remote Administration Tool). I would do a search for a klog.* file and delete it; it should normally be in either system32 or the Windows folder.

RATs are really popular with script kiddies, who use cryptors to prevent AV detection and binders so they can bind the trojan to apps.

When I found out I got hacked by a RAT, by downloading warez, I had a look at the program myself and it had a crap load of features: keylog, webcam viewer, password cache. So chances are, when you heard music, someone was manually going through your files and opening them.

If you encounter the same activities, such as music, a password being changed or even your webcam turning on, then instead of installing a lot of useless AV programs and malware removal crap, check your Installed Components in the registry.

HKEY_LOCAL_MACHINE > Software > Microsoft > Active Setup > Installed Components, and simply click on each of the folders and look for an entry that only has a StubPath pointing to an .exe in system32 or the Windows folder.

To see whether it is the .exe in the active startup, navigate to it and run it. If it says that it is being used by another program and the name of the .exe isn't showing in your process list, then it is injecting itself into another process, such as your default browser (IE). Then you can use HJT to delete this file on reboot and, of course, delete the registry entry.

RATs are the same as an IRC bot, but a RAT just has a GUI. I would recommend a firewall, so that if a program wants to randomly connect to the internet you can deny it and still use the program. Because the trojan is bound to the installation file, the trojan extracts and executes when you go to install and will try to make an external connection, and if you block it then you have a trojan but aren't infected, because it will just sit in a folder doing nothing.

Sorry to blabber on; I hope this has given you a broader view of the potential danger of RATs and IRC bots.

Brad
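
The registry check described in the post above, written as a read-only PowerShell triage script. This is an added example, not part of the original thread; the function name Get-StubPathExe and the report column names are made up for illustration, and only the key named in the post is examined.

```powershell
# Added example: read-only triage of Active Setup entries (nothing is changed or deleted).
$base    = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$winDir  = $env:SystemRoot.TrimEnd('\')
$watched = @($winDir, (Join-Path $winDir 'System32'))

function Get-StubPathExe {
    param([string]$StubPath)
    # Expand %SystemRoot%-style variables, then take the quoted path or the
    # shortest leading run that ends in ".exe".
    $s = [Environment]::ExpandEnvironmentVariables($StubPath).Trim()
    if ($s -match '^"([^"]+\.exe)"')     { return $Matches[1] }
    if ($s -match '^(.+?\.exe)(?=\s|$)') { return $Matches[1] }
    return $null   # the command line does not start with an .exe
}

$report = foreach ($key in Get-ChildItem -Path $base) {
    $stub = $key.GetValue('StubPath')
    if (-not $stub) { continue }

    $exe = Get-StubPathExe -StubPath ([string]$stub)
    if (-not $exe) { continue }

    # A bare file name is looked up in the two watched directories.
    if (-not (Split-Path -Path $exe -Parent)) {
        $hit = $watched | ForEach-Object { Join-Path $_ $exe } |
               Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
        if ($hit) { $exe = $hit }
    }
    $dir = Split-Path -Path $exe -Parent
    if ($watched -notcontains $dir) { continue }   # only %SystemRoot% and System32

    # Named values other than the key's default value.
    $names  = @($key.GetValueNames() | Where-Object { $_ -ne '' })
    $exists = Test-Path -LiteralPath $exe
    [pscustomobject]@{
        Key          = $key.PSChildName
        OnlyStubPath = ($names.Count -eq 1)   # the pattern the post describes
        StubPath     = $stub
        FileExists   = $exists
        Signature    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
    }
}

# Entries that carry only a StubPath are listed first, the rest follow for comparison.
$report | Sort-Object -Property OnlyStubPath -Descending | Format-List
```

A listed entry is a lead for inspection rather than a verdict, since legitimate Windows components also register StubPath executables under System32.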

#8
21 January 2008, 08:49
Donor Group

Hey Brad, thanks for the info.
I did what you said, and all the .exe references of the stubpaths that I double-clicked were not being used by another program. So... does that mean I am OK?

Thanks for your help.

#9
21 January 2008, 09:52
Editor Group

Localhost, would you mind giving me some references as to your malware removal background? On which forum do you normally assist with malware removal?

#10
21 January 2008, 10:57
Banned Group

Quote:
Originally Posted by sungod000
Hey Brad, thanks for the info.
I did what you said, and all the .exe references of the stubpaths that I double-clicked were not being used by another program. So... does that mean I am OK?

Thanks for your help.

Did it just show a stubpath and nothing else? You may be looking at the wrong key. The working one just says stubpath and then simply a location.