Søg
Avatar billede rasmuslarsen2 Nybegynder
09. december 2004 - 16:19 Der er 9 kommentarer og
1 løsning

Meget langsomt internet

Hej

Jeg har dette meget store problem. Mit internet er simpelthen totalt langsomt... da jeg skulle downloade HijackThis var hastigheden 0,7 KB/s... jeg ved ikke helt om det er spyware (Spybot finder intet) eller det er en virus? Jeg har netop fanget en virus kaldet Padobot.AA med AVG (Free Version). Den lå i en fil kaldet ftpupd.exe i system32 mappen. Det er nok 10'ende gang den finder den og den bliver ved med at komme igen. Er der nogen der kan forklare hvordan jeg fjerner denne så den ikke kommer igen og kan Padobot være grunden til mit langsomme internet?

Jeg har også lige en HijackThis log som i kan se:

Logfile of HijackThis v1.97.7
Scan saved at 16:17:50, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\servicetask.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\taskzmngrz.exe
C:\Programmer\Netscape\Netscp.exe
C:\WINDOWS\System32\mshelp32.exe
C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\spool.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Rasmus\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Rasmus Larsen Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.dk/"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmer\adobe abrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll (file missing)
O2 - BHO: (no name) - {93359B85-A6DA-4FC7-A323-1FDA8783FDC2} - C:\WINDOWS\System32\gbio.dll (file missing)
O2 - BHO: (no name) - {CF043DDA-003A-8F49-8D96-1C982DBFCD45} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [realplayer] C:\Programmer\FlashFXP\crack.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [Task-manager] taskzmngrz.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\Run: [usbdrv] servicetask.exe
O4 - HKCU\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunOnce: [realplayer] C:\Programmer\FlashFXP\crack.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - Startup: backup.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\backup.bat
O4 - Startup: files.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\files.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download alle med Net Transport - C:\Programmer\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:\Programmer\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB


Nogen der kan hjælpe? Vil sgu ikke til at formatere...


På forhånd tak
Rasmus
Avatar billede johnstigers Seniormester
09. december 2004 - 16:21 #1
Fix: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gbio.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Rasmus Larsen Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
Avatar billede rasmuslarsen2 Nybegynder
09. december 2004 - 16:35 #2
OK de er fixed, hvad skal jeg så gøre nu?
Avatar billede johnstigers Seniormester
09. december 2004 - 16:41 #3
Ny log - sorry.
Avatar billede rasmuslarsen2 Nybegynder
09. december 2004 - 16:43 #4
Logfile of HijackThis v1.97.7
Scan saved at 16:43:50, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\servicetask.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\taskzmngrz.exe
C:\Programmer\Netscape\Netscp.exe
C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\System32\spool.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rasmus\Skrivebord\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.dk/"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmer\adobe abrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll (file missing)
O2 - BHO: (no name) - {93359B85-A6DA-4FC7-A323-1FDA8783FDC2} - C:\WINDOWS\System32\gbio.dll (file missing)
O2 - BHO: (no name) - {CF043DDA-003A-8F49-8D96-1C982DBFCD45} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [realplayer] C:\Programmer\FlashFXP\crack.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [Task-manager] taskzmngrz.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\Run: [usbdrv] servicetask.exe
O4 - HKCU\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunOnce: [realplayer] C:\Programmer\FlashFXP\crack.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - Startup: backup.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\backup.bat
O4 - Startup: files.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\files.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download alle med Net Transport - C:\Programmer\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download med Net Transport - C:\Programmer\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
Avatar billede rasmuslarsen2 Nybegynder
09. december 2004 - 17:27 #5
Ingen der kan hjælpe???
Avatar billede rasmuslarsen2 Nybegynder
09. december 2004 - 17:50 #6
Har lige fjernet et par punkter her er loggen igen:

Logfile of HijackThis v1.97.7
Scan saved at 17:49:26, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\servicetask.exe
C:\WINDOWS\System32\crss.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\taskzmngrz.exe
C:\Programmer\Netscape\Netscp.exe
C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mshelp32.exe
C:\Documents and Settings\Rasmus\Skrivebord\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.dk/"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rasmus\Application Data\Mozilla\Profiles\default\mc258msx.slt\prefs.js)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmer\adobe abrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll (file missing)
O2 - BHO: (no name) - {93359B85-A6DA-4FC7-A323-1FDA8783FDC2} - C:\WINDOWS\System32\gbio.dll (file missing)
O2 - BHO: (no name) - {CF043DDA-003A-8F49-8D96-1C982DBFCD45} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [Task-manager] taskzmngrz.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\Run: [usbdrv] servicetask.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [Task-manager] taskzmngrz.exe
O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - Startup: backup.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\backup.bat
O4 - Startup: files.lnk = C:\Documents and Settings\Rasmus\Skrivebord\StuFF\files.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\adobe abrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Ingen der ved hvordan man fjerner den der Padobot så den ikke kommer igen hele tiden? Lige nu er den i min "Virus vault" men hvordan sikrer jeg mig at den ikke kommer igen?
Avatar billede johnstigers Seniormester
09. december 2004 - 18:33 #7
ok - jeg kigger på den!
Avatar billede rasmuslarsen2 Nybegynder
10. december 2004 - 14:28 #8
Det virker nu... hvis der kommer flere problemer opretter jeg nok et nyt spørgsmål...

Svar:

Fik hjælp på Spywarefri.dk's forum
Avatar billede johnstigers Seniormester
10. december 2004 - 21:52 #9
Næste gang, så opret spørgsmålet i eet forum ad gangen! Jeg sad og tjekkede din log (copy/paste ind i word doc) offline og havde en løsning klar. Så ser jeg du har fået det rettet andet steds...
Totalt spildt arbejde!!!!
Avatar billede johnstigers Seniormester
10. december 2004 - 21:53 #10
Og selvfølgelig undskylder jeg at det tog så lang tid.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
07/0514:15 PHP Html Af Asky i Programmeringsværktøjer
07/0511:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
06/0516:53 HTML Af Asky i Programmeringsværktøjer
06/0510:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »