Hi there.
The above-mentioned trojan (Trojan.Win32.Delf.zj) has just infected my machine.
Kaspersky says it is located in c:\windows\system32\gbnagbn.dll
And it is not exactly easy to get rid of…
I have tried Kaspersky, AVG Anti-spyware and CCleaner, but nothing works. I cannot delete the file, nor disinfect it.
Helppp, I am getting tired of rebooting[xx(]
Regards, Frost
|
Administrator
Posts: 29613
|
Hi Frost, and welcome
Let's start from the beginning, so we can follow what is running on the computer -
Please follow these instructions -> [url="http://www.spywarefri.dk/forum/links/hjtanv.htm"]HijackThis instructions[/url]
Copy the AVG log and the HijackThis log from the alternative exe into this thread.
You do this by clicking the Reply to topic button and then pasting it in here.
NB. When the AVG scan has finished, let it fix/quarantine whatever it finds
|
I hope you can make more of this than I can[8)]
————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-
+ Created at: 13:32:50 07-03-2007
+ Scan result:
C:\System Volume Information\_restore{AF0DAB57-6072-44BF-BB10-CFF54FAECCF4}\RP3\A0003349.DLL -> Adware.P2PNet : Ignored.
C:\System Volume Information\_restore{AF0DAB57-6072-44BF-BB10-CFF54FAECCF4}\RP3\A0003350.exe -> Adware.P2PNet : Ignored.
C:\WINDOWS\system32\vpgofjbe.exe -> Logger.BZub.hl : Cleaned with backup (quarantined).
F:\Mine dokumenter\My Received Files2\msnadremover.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignored.
C:\Documents and Settings\Christian Frost\Cookies\christian frost@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Christian Frost\Cookies\christian frost@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian Frost\Cookies\christian .[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian Frost\Cookies\christian frost@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 13:38:28, on 07-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LaCie\Backup Software\LaCieBackup.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C4250BF-C182-DE71-A89F-99C80AF4F53B} - C:\WINDOWS\system\dtsimg32.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [kav] “C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programmer\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
********************************* ROOTCHK-(07-03-06)-LOG, by ejvindh
07-03-2007 13:39:39,89
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
Kind regards
Frost
|
Administrator
Posts: 29613
|
I hope so too [:o)]
Download the free trial of SuperAntiSpyware Pro to the Desktop:
http://www.superantispyware.com/downloads/SUPERAntiSpywarePro1241.exe
Install it, and let it update with the latest updates.
It will then ask for your e-mail address; it is up to you whether you want to fill that in. Then click Next and Next again - Finish.
Danish guide here:
http://www.spywarefri.dk/manualer/superantispyware-manual.htm
Close the program.
Download CureIt to the desktop -> [url="ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe"]drweb-cureit[/url]
Or here
Run a scan with HijackThis, so you can see all the files.
Below you get some files that you must fix. What you need to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window as well once you have marked the files. Now you may fix. Click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C4250BF-C182-DE71-A89F-99C80AF4F53B} - C:\WINDOWS\system\dtsimg32.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
I suggest you print out the following, since you cannot view the guide in safe mode.
Restart into safe mode. Press F8 a few times while Windows is starting up.
Open Explorer, go to the menu bar, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Delete the files and folders below, marked in bold. Do not be surprised if you cannot find all the files or folders, as they may have been removed automatically during the fix with HijackThis.
Files:
C:\WINDOWS\SYSTEM32\gbnagbn.dll
C:\WINDOWS\system\dtsimg32.dll
Double-click drweb-cureit.exe; it will run an express scan, which you say yes to.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then click the green arrow over on the right side of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
When the scan is finished, go to File – click Save Report list.
There will then be a file called "drweb.csv" on the desktop.
Close the program.
Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard drive)
Move the dot to Perform complete scan and click Next, and the scan will run.
When it is finished a window with a summary appears; click OK, then click Next and then Finish.
A window appears with Quarantine and removal Complete; click OK, click Finish.
Close the program.
Restart normally.
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.
Double-click drweb.csv and copy the text from it in here.
Together with a new HijackThis log and the SUPERAntiSpyware Scan Log, and tell us how the computer is running now
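A triage sketch for the O2 (BHO) and O20 (Winlogon Notify) lines of the HijackThis log above, added here as an example and not part of the original posts or of HijackThis itself. The function names and the three heuristics are assumptions chosen for illustration; a hit is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict

# O2 and O20 lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C4250BF-C182-DE71-A89F-99C80AF4F53B} - C:\WINDOWS\system\dtsimg32.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
"""

# "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
# "O20 - Winlogon Notify: <name> - <file>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")

NO_FILE = "(no file)"
NO_NAME = "(no name)"


def parse_entries(log_text):
    """Return (section, name, target) for every O2 and O20 line in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(("O2", m["name"], m["target"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(("O20", m["name"], m["target"]))
    return entries


def triage(log_text):
    """Flag O2/O20 entries worth a closer look (hypothetical heuristics).

    Returns a list of (section, target, reasons) in log order.
    """
    entries = parse_entries(log_text)

    # Windows paths are case-insensitive, so compare lower-cased:
    # system32\gbnagbn.dll and SYSTEM32\gbnagbn.dll are the same file.
    sections_by_file = defaultdict(set)
    for section, _name, target in entries:
        if target != NO_FILE:
            sections_by_file[target.lower()].add(section)

    findings = []
    for section, name, target in entries:
        reasons = []
        if section == "O2" and name == NO_NAME:
            reasons.append("BHO without a display name")
        if target == NO_FILE:
            reasons.append("registry entry points to a missing file")
        elif sections_by_file[target.lower()] >= {"O2", "O20"}:
            reasons.append("same DLL registered as BHO and Winlogon Notify")
        if reasons:
            findings.append((section, target, reasons))
    return findings


if __name__ == "__main__":
    for section, target, reasons in triage(SAMPLE_LOG):
        print(f"{section:<3} {target}")
        for reason in reasons:
            print(f"      - {reason}")
```

On this sample the flagged entries are the same five O2 and O20 lines listed for fixing in the post above; the R1 search-page line is outside what this sketch parses.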
|
Well, that can't quite be done…
It is as if HijackThis will not do anything about the 2 lines that contain gbnagbn.dll
And I am not allowed to delete them in safe mode either…?
What do I do then?
Regards,
Frost
|
Administrator
Posts: 29613
|
Run the scanners, and post a new HijackThis log here together with the logs from drweb and Superantispyware
|
Here goes:
Logfile of HijackThis v1.99.1
Scan saved at 15:17:18, on 08-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LaCie\Backup Software\LaCieBackup.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [kav] “C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programmer\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
gbnagbn.dll c:\windows\system32 Trojan.Click.2054 Cannot cure
A0003350.exe\data001 C:\System Volume Information\_restore{AF0DAB57-6072-44BF-BB10-CFF54FAECCF4}\RP3\A0003350.exe Adware.PeerNet
A0003350.exe C:\System Volume Information\_restore{AF0DAB57-6072-44BF-BB10-CFF54FAECCF4}\RP3 Archive contains infected objects Moved.
A0003377.dll C:\System Volume Information\_restore{AF0DAB57-6072-44BF-BB10-CFF54FAECCF4}\RP3 Trojan.Click.2054 Deleted.
gbnagbn.dll C:\WINDOWS\system32 Trojan.Click.2054 Cannot cure
SUPERAntiSpyware Scan Log
Generated 03/08/2007 at 07:00 PM
Application Version : 3.5.1016
Core Rules Database Version : 3165
Trace Rules Database Version: 1176
Scan type : Complete Scan
Total Scan Time : 00:20:26
Memory items scanned : 172
Memory threats detected : 0
Registry items scanned : 5441
Registry threats detected : 0
File items scanned : 27464
File threats detected : 117
Adware.Tracking Cookie
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\SYSVX.EXE
|
Editor
Posts: 10177
|
Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.
You will then be asked whether you are sure you want to remove the files. Here you must click "Yes". After that your desktop will go blank, and the fix will try to remove Vundo. When it is done, the tool will want to restart the computer. You must accept that.
Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt
Note: It is possible that VundoFix, on the first scan, finds a file that it cannot remove at first. VundoFix will then restart and continue after the reboot. If this happens, just follow the instructions above after the reboot (starting with "Click the Scan for Vundo button")
|
Bad news, I'm afraid
VundoFix found nothing and therefore presumably did not ask to restart…
It doesn't have anything to do with Kaspersky running, and there being a pop-up window from that very program, does it?
It says:
Trojan program:
Trojan.Win32.delf.zj
File:
C:\WINDOWS\system32\gbnagbn.dll
A special disinfection procedure is re required which demands system reboot. It is recommended to close all other applications.
OK
Cancel
When I then do that, not much happens, except that I can no longer access the internet.
VundoFix V6.3.15
Checking Java version…
Sun Java not detected
Scan started at 20:10:42 08-03-2007
Listing files found while scanning….
No infected files were found.
Beginning removal…
Logfile of HijackThis v1.99.1
Scan saved at 20:37:37, on 08-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LaCie\Backup Software\LaCieBackup.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [kav] “C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programmer\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
[ Edited: 08.03.2007, 22:46 by Frost ]
|
|
|
Editor
Number of posts: 10177
|
Then we'll just try another one.
—Download VirtumundoBeGone and save it to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
—Close all running programs, including Internet windows, double-click VirtumundoBeGone.exe on the desktop, read the intro information, then click Continue, then click Start.
When it asks whether you want to continue, click Yes to run the fix.
Then click Save log.
—It sometimes happens that the fix ends with a “BSOD” (blue screen and frozen PC); in that case just restart using the reset button.
—A text file called VBG.TXT will appear on your desktop; open it and copy the text in here, together with a fresh HijackThis log.
|
|
|
|
|
Logfile of HijackThis v1.99.1
Scan saved at 20:50:20, on 08-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LaCie\Backup Software\LaCieBackup.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [kav] “C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programmer\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
[03/08/2007, 20:49:04] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Christian Frost\Skrivebord\VirtumundoBeGone.exe” )
[03/08/2007, 20:49:14] - Detected System Information:
[03/08/2007, 20:49:14] - Windows Version: 5.1.2600, Service Pack 2
[03/08/2007, 20:49:14] - Current Username: Christian Frost (Admin)
[03/08/2007, 20:49:14] - Windows is in NORMAL mode.
[03/08/2007, 20:49:14] - Searching for Browser Helper Objects:
[03/08/2007, 20:49:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/08/2007, 20:49:14] - BHO 2: {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} ()
[03/08/2007, 20:49:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2007, 20:49:14] - Checking for HKLM\...\Winlogon\Notify\gbnagbn
[03/08/2007, 20:49:14] - Key not found: HKLM\...\Winlogon\Notify\gbnagbn, continuing.
[03/08/2007, 20:49:14] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/08/2007, 20:49:14] - Finished Searching Browser Helper Objects
[03/08/2007, 20:49:14] - Finishing up…
[03/08/2007, 20:49:14] - Nothing found! Exiting…
|
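Added example (not part of the original posts and not code from any tool named in this thread): the VirtumundoBeGone log above shows a lookup of `Winlogon\Notify\gbnagbn` failing, while the HijackThis log lists the same DLL under the Notify key `vpjvpjdk`. The sketch below correlates O2 (BHO) and O20 (Winlogon Notify) entries by normalized DLL path instead of by key name; the function names are illustrative, and the sample lines are copied from the HijackThis log in this thread.

```python
import re
from ntpath import basename, normcase, splitext  # Windows path rules on any OS

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def parse(log_text):
    """Return (bho_entries, notify_entries) as lists of dicts."""
    bhos, notifies = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def correlate(log_text):
    """Find DLLs registered both as a BHO and as a Winlogon Notify package.

    Matching is done on the case-insensitive DLL path, so it still works
    when the Notify key name has nothing to do with the file name.
    """
    bhos, notifies = parse(log_text)
    keys_by_path = {}
    for n in notifies:
        keys_by_path.setdefault(normcase(n["path"]), []).append(n["key"])

    findings = []
    for b in bhos:
        keys = keys_by_path.get(normcase(b["path"]), [])
        if not keys:
            continue
        stem = splitext(basename(b["path"]))[0].lower()
        findings.append({
            "dll": b["path"],
            "clsid": b["clsid"],
            "unnamed_bho": b["name"] == "(no name)",
            "notify_keys": keys,
            # True only if a lookup by DLL name would have found the key.
            "key_named_after_dll": any(k.lower() == stem for k in keys),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```
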
|
|
Editor
Number of posts: 10177
|
Hmm, it's stubborn, so we'll try this one.
—Download this file and unpack it to a folder on the desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file and let it unpack itself to a folder in the root of your hard disk (typically: c:\SDfix)
—Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1
—Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press “y” to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.
The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write “Finished”. Then press a key to load your desktop icons again.
Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here, together with a new log from HijackThis.
===========================================
|
|
|
|
|
SDFix: Version 1.69
Run by Christian Frost - 08-03-2007 @ 21:33:14,78
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting…
Normal Mode:
Checking Files:
No Trojan Files Found…
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services: —————————
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\\Programmer\\Overnet\\overnet.exe”=“C:\\Programmer\\Overnet\\overnet.exe:*:Enabled:Overnet Application”
“C:\\WINDOWS\\system32\\sessmgr.exe”=“C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019”
“C:\\Programmer\\Messenger\\msmsgs.exe”=“C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger”
“C:\\Programmer\\KiSS Technology\\KiSS PC-Link\\KiSS PC-Link.exe”=“C:\\Programmer\\KiSS Technology\\KiSS PC-Link\\KiSS PC-Link.exe:*:Enabled:Server Application For KiSS PC-LINK”
“C:\\Programmer\\BitLord\\BitLord.exe”=“C:\\Programmer\\BitLord\\BitLord.exe:*:Enabled:BitLord”
“C:\\Programmer\\ABC\\abc.exe”=“C:\\Programmer\\ABC\\abc.exe:*:Disabled:abc”
“C:\\Programmer\\BitTorrent\\btdownloadgui.exe”=“C:\\Programmer\\BitTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui”
“D:\\SETUP\\SETUP.EXE”=“D:\\SETUP\\SETUP.EXE:*:Disabled:CA2000”
“C:\\Programmer\\DC++\\DCPlusPlus.exe”=“C:\\Programmer\\DC++\\DCPlusPlus.exe:*:Disabled:DC++”
“C:\\Programmer\\Soulseek\\slsk.exe”=“C:\\Programmer\\Soulseek\\slsk.exe:*:Disabled:SoulSeek”
“D:\\WIZARD\\Wizard.exe”=“D:\\WIZARD\\Wizard.exe:*:Disabled:Warze”
“C:\\Programmer\\Sony Ericsson\\Update Service\\ma3platform.exe”=“C:\\Programmer\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform”
“C:\\Programmer\\eMule\\emule.exe”=“C:\\Programmer\\eMule\\emule.exe:*:Enabled:eMule”
“C:\\Programmer\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe”=“C:\\Programmer\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus”
“C:\\Programmer\\IncrediMail\\bin\\IMApp.exe”=“C:\\Programmer\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail”
“C:\\Programmer\\IncrediMail\\bin\\IncMail.exe”=“C:\\Programmer\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail”
“C:\\Programmer\\IncrediMail\\bin\\ImpCnt.exe”=“C:\\Programmer\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail”
“C:\\Programmer\\RS Secure Folder Hider Pro Full\\sfhpf.exe”=“C:\\Programmer\\RS Secure Folder Hider Pro Full\\sfhpf.exe:*:Enabled:sfhpf”
“C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe”=“C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking”
“C:\\Programmer\\Kazaa\\kazaa.exe”=“C:\\Programmer\\Kazaa\\kazaa.exe:*:Enabled:Kazaa”
“C:\\Programmer\\MSN Messenger\\msncall.exe”=“C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)”
“C:\\Programmer\\MSN Messenger\\msnmsgr.exe”=“C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\\Programmer\\MSN Messenger\\livecall.exe”=“C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“C:\\WINDOWS\\system32\\pkjwngpx.exe”=“C:\\WINDOWS\\system32\\pkjwngpx.exe:*:Disabled:pkjwngpx”
“C:\\WINDOWS\\system32\\vubcaaaa.exe”=“C:\\WINDOWS\\system32\\vubcaaaa.exe:*:Enabled:enable”
“C:\\WINDOWS\\system32\\sysvx.exe”=“C:\\WINDOWS\\system32\\sysvx.exe:*:Enabled:enable”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=”%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\\Programmer\\MSN Messenger\\msncall.exe”=“C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)”
“C:\\Programmer\\MSN Messenger\\msnmsgr.exe”=“C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\\Programmer\\MSN Messenger\\livecall.exe”=“C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
Remaining Files: ———————-
Checking For Files with Hidden Attributes :
C:\Programmer\BitLord\Downloads\Ghost.Rider.REAL.PROPER.TS.XViD-mVs.[www.torrentfive.com]\Thumbs.db
C:\Programmer\BitLord\Downloads\Ghost.Rider.REAL.PROPER.TS.XViD-mVs.[www.torrentfive.com]\Sample\Thumbs.db
C:\Programmer\BitLord\Downloads\Jenna.Jameson.-.And.The.Winner.Is.Taylor.Hayes[www.torrentgo.com]\Thumbs.db
C:\Programmer\BitLord\Downloads\POV Centerfolds 3 XXX [All Sex][www.sexotorrent.com]\Thumbs.db
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Outlook Express\msimn.exe
Add/Remove Programs List:
ECHO er sl†et fra.
Ad-aware 6 Personal
ATI - Software Uninstall Utility
AnyDVD
ASAPI Update
ATI Display Driver
AVG Anti-Spyware 7.5
BitLord 1.1
CCleaner (remove only)
CloneCD
CloneDVD2
DVDFab Platinum 2.51
Easy CD-DA Extractor 9.0.1
eMule
FLAC Installer 1.1.2a (remove only)
Highland Park
HijackThis 1.99.1
Indeo© software
PowerQuest PartitionMagic 8.0
Kaspersky Anti-Virus 6.0
K-Lite Mega Codec Pack 1.16
Magic ISO Maker v5.3 (build 0221)
Microsoft .NET Framework 1.1
Nero OEM
NeroVision Express 2
Nero Media Player
PCI Audio Driver
QuickTime
ratDVD 0.7.1239
Recover My Files
Adobe Flash Player 9 ActiveX
Sound Forge v4.5e final (329)
SpeedFan (remove only)
DMXDESK9
Steinberg WaveLab 5.00a
Update Service
Virtual DJ - Atomix Productions
Vodei Multimedia Processor 2.00
WaveLab
Winamp (remove only)
Windows Commander (Remove or Repair)
WinISD Pro [alpha]
WinRAR 3.42 (Dansk)
Smart Office Keyboard
Google Gmail Notifier
ATI Control Panel
Logitech SetPoint
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 10
Google Earth
ATI HYDRAVISION
PowerDVD
PartitionMagic
LaCie Backup Software v1.5.2215
Kaspersky Anti-Virus 6.0
Line Speed Meter
PC-Linq
Microsoft Office XP Professional med FrontPage
Thrustmapper
Microsoft Visual C++ 2005 Redistributable
Adobe Reader 7.0.9 - Dansk
SketchUp 5
Sony Ericsson PC Suite
Microsoft .NET Framework 1.1
SUPERAntiSpyware Professional
KiSS PC-Link
ECHO er sl†et fra.
KhalSetup
Windows Live Messenger
Finished
Logfile of HijackThis v1.99.1
Scan saved at 21:39:22, on 08-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LaCie\Backup Software\LaCieBackup.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} - C:\WINDOWS\system32\gbnagbn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [kav] “C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programmer\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vpjvpjdk - C:\WINDOWS\SYSTEM32\gbnagbn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
|
|
|
Editor
Number of posts: 10177
|
With all the file-sharing programs you use, you really are asking for trouble, so I would recommend that you uninstall them before we continue here.
|
|
|
|
|
Well, then they are deleted, both of them. And the folders too.
|
|
|
|
|
“... both of them…” Hmmm…
I count a few more:
C:\Programmer\BitLord\
C:\Programmer\BitTorrent\
C:\Programmer\ABC\
C:\Programmer\DC++\
C:\Programmer\Soulseek\
D:\WIZARD\
C:\Programmer\eMule\
C:\WINDOWS\system32\P2P Networking\
C:\Programmer\Kazaa\
Delete these folders COMPLETELY and run the “SDFix.exe” procedure again as described at [08/03/2007 : 21:25:34] ...
Including a fresh HijackThis log…
|