Uønskede popups og .dll blokkeringer af Bullgurad!
HejJeg får konstant et Ie vindu op som strter med :
http://www.dreammerchantsnetwork.com/DMAD.asp?M=P&ID=Dream&siteURL=MONEY4NET.COM
og siderne skifter så en gang imellem.
Her følger min Hijackthis log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:26:24, on 30-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
f:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\Tmpe\MyCec.exe
F:\Programmer\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Programmer\MagicDisc\MagicDisc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Programmer\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\explorer.exe
F:\virus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\iifeecd.dll
O2 - BHO: (no name) - {4733D38B-57F4-421B-ADF4-EB6B0D94E2E7} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7A264FF1-5F1D-4BC3-BB1C-887D6AC78A63} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {36be8fec-3f38-52a9-f8e4-8393c29ddc98} - {89cdd92c-3938-4e8f-9a25-83f3cef8eb63} - C:\WINDOWS\system32\deglsknf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A74B90D-FB77-4EED-94C1-C5B643CD5381} - C:\WINDOWS\system32\ddaba.dll (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmer\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PaperPort PTD] F:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] F:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM333a6c26] Rundll32.exe "C:\WINDOWS\system32\ewvgpkam.dll",s
O4 - HKLM\..\Run: [30095fba] rundll32.exe "C:\WINDOWS\system32\dqnwqwdj.dll",b
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Programmer\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [LoadWatcher] Test
O4 - HKCU\..\Run: [AlcoholAutomount] "f:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AutorunApp] C:\Windows\Tmpe\MyCec.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://www.dww.dk
O15 - Trusted Zone: www.dr.dk" target="_blank">http://*.www.dr.dk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://streams3.rawflow.com/clients/3.1.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jronsholt.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://87.54.59.228/activex/AMC.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/greve/ACGM/acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iifeecd - C:\WINDOWS\SYSTEM32\iifeecd.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Programmer\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 12066 bytes
Håber i kan se hvad der driller
Mvh
Jon
