Takkforden, posted 11 December 2007 (edited)

Ugh, I've got one of those Trojan horses. I use F-Secure, but it evidently hasn't helped much. Here is the HJT log:

Hope someone can help.

Edited 12 December 2007 by Takkforden

norbat, posted 11 December 2007

Hi, and welcome to the forum. You've picked up a nasty little thing that is able to copy itself to USB sticks and other removable storage media. If you have connected anything like that recently, you should check it with an antivirus program, or alternatively format it, before you connect it to any other PC. In any case, run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs that are generated here in your own thread.

Takkforden (author), posted 12 December 2007

Okay, here are my logs:

HJT log:

ComboFix log:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7e95040-7e2d-11da-92a8-00110957ae00}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13d3c7d-7ff1-11d9-9111-00110951904d}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs . Contents of the 'Scheduled Tasks' folder "2007-11-24 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 19:41:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\HKCYDLL.dll . Completion time: 2007-12-13 19:42:11 C:\ComboFix2.txt ... 2007-12-12 22:16 . 2007-12-12 22:52:16 --- E O F ---
SAS log:
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/13/2007 at 08:20 PM Application Version : 3.9.1008 Core Rules Database Version : 3359 Trace Rules Database Version: 1358 Scan type : Complete Scan Total Scan Time : 00:33:28 Memory items scanned : 636 Memory threats detected : 0 Registry items scanned : 6711 Registry threats detected : 0 File items scanned : 39804 File threats detected : 0
norbat, posted 12 December 2007 (edited):
See if you can uninstall ErrorSafe from Add/Remove Programs.
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O4 - HKCU\..\Run: [Error Safe] "C:\Programfiler\Error Safe Free\ERS.exe" /min
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
Use Explorer to delete the folder, if present (in bold): C:\Programfiler\Error Safe Free
Click: Start->Run
Type: cmd
From the command prompt, type (the part in bold):
sc stop CSNetManagerXp (press Enter)
sc delete CSNetManagerXp (press Enter)
Exit (press Enter)
Post a new HJT log.
Edited 12 December 2007 by norbat
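Added example (not part of the thread, and not code from HijackThis): a small triage of HijackThis lines for the kinds of entries flagged in the reply above, namely a UserInit value that launches something besides userinit.exe, a target marked "(file missing)", and an executable whose name is one character away from a core Windows binary. The function names and the `CORE_NAMES` list are assumptions made for this example.

```python
import re

# Assumption: a short list of core Windows binaries whose names get imitated.
CORE_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
              "smss.exe", "explorer.exe", "userinit.exe", "spoolsv.exe"}

# Sample lines taken from the HijackThis logs and the fix list in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'([^\\/\s"=,\[\]]+\.exe)', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename):
    """Return the core binary this name imitates, or None."""
    name = filename.lower()
    if name in CORE_NAMES:
        return None                      # the genuine name is not a lookalike
    for core in sorted(CORE_NAMES):
        if edit_distance(name, core) == 1:
            return core
    return None


def triage(log_text):
    """Return [(entry_code, [reasons])] for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if code == "F2" and "userinit=" in body.lower():
            # A clean value is just userinit.exe followed by a comma.
            value = body.split("=", 1)[1]
            extras = [p.strip() for p in value.split(",")[1:] if p.strip()]
            if extras:
                reasons.append("UserInit runs extra command: " + extras[0])
        if "(file missing)" in body:
            reasons.append("target file missing")
        for exe in EXE_RE.findall(body):
            core = lookalike_of(exe)
            if core:
                reasons.append(f"{exe} resembles {core}")
        if reasons:
            findings.append((code, reasons))
    return findings


if __name__ == "__main__":
    for code, reasons in triage(SAMPLE_LOG):
        print(code, "->", "; ".join(reasons))
```

A hit is only a prompt to inspect the entry; whether it is removed is still decided the way the reply does it, entry by entry.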
Takkforden (author), posted 12 December 2007:
Couldn't find ErrorSafe in Add/Remove Programs or in Explorer (not with search, either..). I was also told that CSNetManagerXP was not installed.. So maybe they have been deleted?! Here is a new HJT log, anyway:
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21:25:36, on 13.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\F-Secure\Common\FSMA32.EXE C:\Programfiler\F-Secure\Common\FSMB32.EXE C:\Programfiler\F-Secure\Common\FCH32.EXE C:\Programfiler\F-Secure\Common\FAMEH32.EXE C:\Programfiler\F-Secure\Common\FNRB32.EXE C:\Programfiler\F-Secure\Common\FIH32.EXE C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Dit.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Programfiler\F-Secure\Common\FSM32.EXE C:\WINDOWS\vVX3000.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe 
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programfiler\java\jre1.6.0\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\HDD Health\hddhealth.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Programfiler\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe C:\Programfiler\Last.fm\LastFMHelper.exe C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\Programfiler\OpenOffice.org1.1.3\program\soffice.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and settings\Kate Haukerud A\Skrivebord\Finndette.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live 
Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [LifeCam] "C:\Programfiler\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [QuickTime Task] 
"C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Programfiler\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [HDDHealth] C:\Programfiler\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and settings\Kate Haukerud A\Programdata\Mozilla\Firefox\Profiles\og5q18nm.Default User\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and settings\Kate Haukerud A\Programdata\Mozilla\Firefox\Profiles/og5q18nm.Default User\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe O4 - 
Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ? O4 - Global Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe O4 - Global Startup: VPN Client.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103809220312 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161358622171 O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: 
!SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11657 bytes
*hoping the virus is gone soon*
norbat, posted 12 December 2007 (edited):
Then the PC is clean.
You should update Java: http://java.com/en/download/index.jsp
You should also reset the restore folder so that you do not get infected by a possible system restore. Control Panel->System->System Restore. Tick "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the feature.
Surf safely.
Edited 12 December 2007 by norbat
Takkforden (author), posted 12 December 2007:
Thanks so much, norbat