Smitfraud-c.msvps




  #1  
29 January 2008, 09:16
Donor Group

here we go again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:49, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Attached Files
File Type: txt log1.txt (11.0 KB, 8 views)

  #2  
29 January 2008, 09:30
Editor Group

Open HijackThis and choose Do a system scan only.

Place a check mark next to the following entries:

O2 - BHO: (no name) - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - (no file)
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download DrWeb CureIt and save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will be displayed.
  • Under Start the Express Scan Now, click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • When the short scan is finished, click Options > Change settings
  • Choose the Scan tab, uncheck Heuristic analysis and click OK
  • Back in the main window, select the Complete scan button.
  • Then click the green arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks whether you want to cure/move any file(s).
  • When the scan is finished.
  • In the Dr.Web CureIt menu at the top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt.
  • Important! Reboot your computer, because it could be possible that files in use will be moved/deleted during reboot.
  • After the reboot, right-click the Dr.Web log on your desktop and choose Open with > Notepad
  • Copy and paste that log into your next reply

----------

Next post
The Dr.Web log file

  #3  
29 January 2008, 09:47
Donor Group

Oki, it's scanning now - it has found a virus, CFd.exe!! Looks like it's going to take a while?

I was looking through the forum and woooow there are so many people with viruses hehe

  #4  
29 January 2008, 09:50
Editor Group

CFd.exe is not actually a virus, but it may have been infected with one, and it won't do any harm in being removed.

  #5  
29 January 2008, 09:56
Donor Group

should I remove it manually?? or?

  #6  
29 January 2008, 10:00
Editor Group

No. The scanner will take care of it.

  #7  
29 January 2008, 10:14
Donor Group

progress 27%, the scanner found two files, one is "

-cfd.exe-(adware) action tab --- incurable, delete >> will it delete?
-reg-ubp2b Tatjana b.reg (Trojan StartPage)-action tab-deleted

  #8  
29 January 2008, 10:17
Donor Group

what does
  • Important! Reboot your computer, because it could be possible that files in use will be moved/deleted during reboot. mean???
How do I do that?

  #9  
29 January 2008, 10:20
Editor Group

Just restart the computer if Dr. Web doesn't do it for you.

We will get to see the log to be sure that everything is gone. It shouldn't take much longer now.

  #10  
29 January 2008, 10:33
Donor Group

ohh okay, it's up to 70%, almost finished