Malware Removal - Help




  #1  
April 8, 2008, 06:55
Member group

We did all the steps up to Java. We downloaded it, but it said "Failed to verify the authenticity ...... installing and running this code is not allowed." Please advise.
  #2  
April 8, 2008, 07:36
Editor group

Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.

  #3  
April 8, 2008, 08:38
Member group

Quote:
Originally posted by evilfantasy
Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.

There is no Java update option there.
  #4  
April 8, 2008, 08:39
Editor group

Try getting it from here: www.java.com

If that doesn't work, just go on to the next step and we will deal with it later.

  #5  
April 8, 2008, 09:34
Donor group

There should be a Java icon. I bet yours is in Category View; look at the top left for "Switch to Classic View" and you should then see a Java icon.

  #6  
April 8, 2008, 09:38
Member group

We did all the steps and we still have the same problems.

Here are the logs ...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41

Application Version: 4.0.1154

Core Rules Database Version: 3432
Trace Rules Database Version: 1424

Scan type: Complete Scan
Total Scan Time: 01:38:06

Memory items scanned: 626
Memory threats detected: 4
Registry items scanned: 6141
Registry threats detected: 38
File items scanned: 101242
File threats detected: 114




Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

  #7  
Old 8 April 2008, 09:45
Member Group
 
Default Malware Removal - Help

We did all the steps, and it is still not working.


Here are the logs ...


  #8  
Old 8 April 2008, 09:48
Member Group
 
Default Malware Removal - Help

I submitted my logs twice, and they keep disappearing. So we have done all the steps, and our computer is still having problems.
  #9  
Old 8 April 2008, 09:55
Donor Group
 
Default Malware Removal - Help

Did you follow my little guide on getting to the Java icon?
  #10  
Old 8 April 2008, 10:07
Member Group
 
Default Malware Removal - Help

Quote:
Originally Posted by kanoakavirus
Did you follow my little guide on getting to the Java icon?
We got it to work from the Java website.