
IEXPLORE.EXE virus problem




  #1  
19th 2008, 09:02
Donor Group
 

Hi,
I noticed I had a problem when I heard music mysteriously playing. I checked and saw a bunch of IEXPLORE.EXE processes running.

I ran NAV, Ad-Aware, Defender and then followed the instructions you provided. Thanks in advance for your help. Here are the logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 08:53

Application Version: 3.9.1008

Core Rules Database Version: 3384
Trace Rules Database Version: 1378

Scan type: Complete Scan
Total Scan Time: 01:01:52

Minne eks skannet: 576
Minne trusler oppdages: 0
Registerelementene skannet: 7837
Registerverdi trusler oppdages: 0
Fil eks skannet: 66011
Fil trusler oppdages: 60

Adware.Tracking Cookie

# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# End = ferdig
# Remove_checked = sant
# Unwanted_checked = sant
# Utc_time = 2008-01-19 03:34:06
# Local_time = 2008-01-19 10:34:06 (-0500, Eastern Standard Time)
# Country = "United States"
# OSVer = 5.1.2600 NT Service Pack 2
# Skannet = 394948
# Funnet = 14
# Scan_time = 2493
C: \ MSInfnd.exe sannsynligvis en variant av Win32/Hupigon trojan (ikke clean - slettes) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc flere infiltrations (slettet) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» BlackBox.class en variant av Java / ClassLoader trojan (feil under rengjøring - operasjon ikke tilgjengelig for denne type av objektet - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» VerifierBug.class JS / IEStart.G trojan (feil under rengjøring - operasjon utilgjengelig for denne type objekt - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» Dummy.class Java / NoCheat.B trojan (feil under rengjøring - operasjon utilgjengelig for denne type objekt - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-3f7c5e12 en variant av Java / ClassLoader trojan (slettet) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-3f7c5e12 »ZIP» BlackBox.class en variant av Java / ClassLoader trojan (feil under rengjøring - operasjon ikke tilgjengelig for denne type av objektet - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d flere infiltrations (slettet) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» BlackBox.class en variant av Java / ClassLoader trojan (feil under rengjøring - operasjon ikke tilgjengelig for denne type av objektet - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» VerifierBug.class JS / IEStart.G trojan (feil under rengjøring - operasjon utilgjengelig for denne type objekt - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ søndag \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» Dummy.class Java / NoCheat.B trojan (feil under rengjøring - operasjon utilgjengelig for denne type objekt - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av slettet objekt) 00000000000000000000000000000000
C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ MSInfo \ MSInfnd.exe sannsynligvis en variant av Win32/Hupigon trojan (ikke clean - slettes) 00000000000000000000000000000000
C: \ WINDOWS \ system32 \ _MSInfnd.exe sannsynligvis en variant av Win32/Hupigon trojan (ikke clean - slettes) 00000000000000000000000000000000
D: \ MSInfnd.exe sannsynligvis en variant av Win32/Hupigon trojan (ikke clean - slettes) 00000000000000000000000000000000








Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:55:08, on 01/19/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Programfiler \ Fellesfiler \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Programfiler \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programfiler \ Yahoo! \ NAV \ navapsvc.exe
C: \ Programfiler \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Cyberlink \ Shared Files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programfiler \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programfiler \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Programfiler \ PhatNoise Music Manager \ PNAgent.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ DOCUME ~ 1 \ sundeep \ LOCALS ~ 1 \ Temp \ clclean.0001
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Programfiler \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Programfiler \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Programfiler \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe" / oppstart
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Programfiler \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [utholdenhet] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel og Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Programfiler \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Programfiler \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Send til & Bluetooth-enhet ... - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programfiler \ PartyGaming \ PartyPoker \ RunApp.exe (fil mangler)
O9 - Extra "Verktøy" MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programfiler \ PartyGaming \ PartyPoker \ RunApp.exe (fil mangler)
O9 - Extra-knappen: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra "Verktøy" MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O10 - Broken internett på grunn av LSP leverandør 'C: \ Program Files \ Bonjour \ mdnsnsp.dll' mangler
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ progra ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Programfiler \ Fellesfiler \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Programfiler \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ MSINFO \ MSInfnd.exe (fil mangler)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C: \ Program Files \ Cyberlink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 11743 bytes
  #2  
19th 2008, 09:39
Moderator Group
 

Welcome to TCF.


Open HJT and select Do a scan, then place a check mark next to:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O9 - Extra knappen: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programfiler \ PartyGaming \ PartyPoker \ RunApp.exe (fil mangler)
O9 - Extra "Verktøy" MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Programfiler \ PartyGaming \ PartyPoker \ RunApp.exe (fil mangler)


Close all windows except HJT and click Fix checked.

----------
  • Double-click the downloaded file to run the installation.
During installation:
  • Leave all settings at their defaults except TeaTimer (make sure you change that option during installation).
  • TeaTimer can be a resource hog and also prevents the removal of some malware problems.
    • If you already have TeaTimer enabled, see the bottom of this post for how to disable it.
  • Make the recommended backup of the registry.
  • During installation, accept Search for updates now to install the updates.
  • Accept Immunize the system.
  • Make sure you leave SDHelper (IE bad download blocker) checked to install.
After installation:
  • Always check for updates before running a scan.
  • If you get a bad checksum error message when trying to update, just choose another server.
  • Also look for the Immunize function in Spybot and use it.
    • First, in the left column, click the Immunize icon and it will check and see what needs to be immunized.
    • When it has finished, leave the default settings and click the green plus sign at the top that says Immunize.
  • Close ALL web browser windows.
  • Now click the Search & Destroy icon (upper left).
  • Then on the top menu click the Check for problems button to start the scan.
    • Be patient, it may take some time to run.
    • Progress will be shown in the status bar at the bottom of the window.
    • Do not run other scans while Spybot is running.
  • When the scan is complete, make sure everything is selected and click Fix selected problems on the top menu bar.
NOTE: When you install updates for Spybot, check for new immunizations by following the procedure above.

----------

Run a new scan with HJT and post the log after Spybot has completed.

__________________

  #3  
19th 2008, 15:11
Donor Group
 

OK, here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 5:09:34 PM, on 01/19/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Programfiler \ Fellesfiler \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Programfiler \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programfiler \ Yahoo! \ NAV \ navapsvc.exe
C: \ Programfiler \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Cyberlink \ Shared Files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programfiler \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ Programfiler \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Programfiler \ PhatNoise Music Manager \ PNAgent.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ DOCUME ~ 1 \ sundeep \ LOCALS ~ 1 \ Temp \ clclean.0001
C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Programfiler \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Programfiler \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Programfiler \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Programfiler \ Google \ Google Desktop Search \ GoogleDesktop.exe" / oppstart
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Programfiler \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [utholdenhet] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel og Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Programfiler \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Programfiler \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Send til & Bluetooth-enhet ... - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra-knappen: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra "Verktøy" MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O10 - Broken internett på grunn av LSP leverandør 'C: \ Program Files \ Bonjour \ mdnsnsp.dll' mangler
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ progra ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Programfiler \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Programfiler \ Fellesfiler \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Programfiler \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ MSINFO \ MSInfnd.exe (fil mangler)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ iwp \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C: \ Program Files \ Cyberlink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Programfiler \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 11469 bytes
  #4  
Old 19nde 2008, 15:24
Moderator Group
 
Default IEXPLORE.EXE virus problem

I messed up part of the directions from earlier.

The log looks fine though. How is the PC now?

  #5  
Old 20th 2008 jan 07:40
Donor Group
 
Default IEXPLORE.EXE virus problem

It's gone! Thank you so much for the help!
  #6  
Old 20th 2008 jan 09:48
Moderator Group
 
Default IEXPLORE.EXE virus problem

Sounds good. I left out the download link for Spybot from post #2. I suggest you install it and run a scan with it. Download Spybot-S&D. Use the instructions from post #2 to set it up correctly.


This is a good time to clear your infected System Restore points and create a new, clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Then go to Start > Run and type cleanmgr
  • Select the More Options tab
  • Under System Restore, click Clean up...
This will remove all restore points except the new one you just created.


Check out this post for free tools and tips to keep your PC and yourself safe in the future.

This post has free tools and advice for keeping your PC running smoothly in the future.

  #7  
Old 21st 2008, 04:57
Banned Group
 
Default IEXPLORE.EXE virus problem

You were infected by a RAT (Remote Administration Tool). I would do a search for a klog.* file and delete it; it should normally be in either the System32 or the Windows folder.

RATs are really popular with script kiddies, who use crypters to prevent AV detection and binders so that they can bind the trojan to apps.

When I found out I had been hacked by a RAT, by downloading warez, I had a look at the program myself, and it had a crapload of functions: keylogger, webcam viewer, password cache. So chances are that when you heard music playing, someone was manually going through your files and opening them.

If you come across the same kind of activity, such as music playing, passwords changed or your webcam turned on, then instead of installing a load of useless AV programs and malware removal crap, check your Installed Components in the registry.

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Active Setup > Installed Components, and click on each of the folders and look for an entry that only has a StubPath pointing to an .exe in system32 or in the Windows folder.

To see if it is the .exe in the active startup, navigate to it and run it. If it says that it is being used by another program and the name of the .exe isn't shown in the process list, then it is being injected into another process, for example the default browser (IE). You can then use HJT to delete the file on reboot and obviously delete the registry entry.

RATs are the same as IRC bots, but a RAT just has a GUI. I would recommend a firewall, so that if a program randomly wants to connect to the internet you can deny it and still use the program. Because the trojan is bound to the installation file, the trojan extracts and executes when you go to install, and it will try to make an external connection. If you block that, then you have a trojan but aren't infected, because it will just sit in a directory doing nothing.

Sorry to blabber on. I hope this has given you a broader horizon on the potential danger of RATs and IRC bots.

Brad
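
The registry check described in the post above, as an added example that is not part of the thread: it reads a text export of the Active Setup key (as produced by `reg export`) and lists subkeys whose only value is a StubPath pointing to an .exe in the Windows folder or system32. The function names, GUIDs and file names are constructed for illustration.

```python
import re

# Constructed sample in .reg export form; the GUIDs and file names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-1111-1111-1111-111111111111}]
@="Example Browser Component"
"IsInstalled"=dword:00000001
"StubPath"="\"C:\\WINDOWS\\system32\\rundll32.exe\" example.dll,Install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22222222-2222-2222-2222-222222222222}]
"StubPath"="C:\\WINDOWS\\system32\\example-svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33333333-3333-3333-3333-333333333333}]
"StubPath"="C:\\Program Files\\Example\\setup.exe /quiet"
'''

BASE = "hkey_local_machine\\software\\microsoft\\active setup\\installed components\\"
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
# An .exe directly in the Windows folder or system32, the locations the post names.
SYSDIR_EXE = re.compile(
    r'^"?(?:[a-z]:\\windows|%systemroot%|%windir%)(?:\\system32)?\\[^\\"/]+\.exe\b', re.I)

def parse_components(reg_text):
    """Return {subkey: {lowercased value name: data}} for Active Setup components."""
    reg_text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join hex(...) continuation lines
    comps, cur = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            cur = comps.setdefault(key[len(BASE):], {}) if key.lower().startswith(BASE) else None
        elif cur is not None and (m := VALUE_RE.match(line)):
            data = m["data"]
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo .reg string escaping
            elif data.lower().startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE bytes
                data = bytes.fromhex(data[7:].replace(",", "")).decode("utf-16-le").rstrip("\0")
            cur[(m["name"] or "(default)").lower()] = data
    return comps

def stubpath_only(comps):
    """Subkeys whose only value is StubPath and whose target is an .exe in Windows/system32."""
    return [(subkey, values["stubpath"]) for subkey, values in comps.items()
            if set(values) == {"stubpath"} and SYSDIR_EXE.match(values["stubpath"])]

if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-16" instead of using SAMPLE_REG.
    for subkey, target in stubpath_only(parse_components(SAMPLE_REG)):
        print(f"review: {subkey} -> {target}")
```

A listed subkey is a lead for closer inspection of the file it points to, not a verdict on its own.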
  #8  
Old 21st 2008, 08:49
Donor Group
 
Default IEXPLORE.EXE virus problem

Hi Brad, thanks for the info.
I did what you said, and all the .exe files mentioned in the StubPaths that I double-clicked were not being used by another program. So... does that mean I am OK?

Thanks for the help.
  #9  
Old 21st 2008, 09:52
Moderator Group
 
Default IEXPLORE.EXE virus problem

Localhost, would you mind giving me some references as to your malware removal background? On what forum do you usually assist in malware removal?

  #10  
Old 21st 2008, 10:57
Banned Group
 
Default IEXPLORE.EXE virus problem

Quote:
Originally Posted by sungod000
Hi Brad, thanks for the info.
I did what you said, and all the .exe files mentioned in the StubPaths that I double-clicked were not being used by another program. So... does that mean I am OK?

Thanks for the help.

Did it show only a StubPath and nothing else? You may be looking at the wrong key. It just says StubPath and then simply a location.