[Løst]kan noen sjekke denne HJT loggen

[hattrick133]

HJT logg

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:10:37, on 08.02.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\ASUS WiFi-AP Solo\AWWFSPU.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\MagicDisc\MagicDisc.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Programfiler\Azureus\Azureus.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Valve\Steam\Steam.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AWWFSPU] "C:\Programfiler\ASUS WiFi-AP Solo\AWWFSPU.exe" -nogui

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Programfiler\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [GAINWARD] C:\Programfiler\EXPERTool\TBPanel.exe /A

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe

O24 - Desktop Component 0: (no name) - C:\Programfiler\Windows NT\kyzeveka.html

O24 - Desktop Component 1: (no name) - C:\Programfiler\Microsoft Works\howy.html

 

--

End of file - 9636 bytes

 

 

[Gavekort]

Er skeptisk til disse to.

 

O24 - Desktop Component 0: (no name) - C:\Programfiler\Windows NT\kyzeveka.html

O24 - Desktop Component 1: (no name) - C:\Programfiler\Microsoft Works\howy.html

 

Noen som vil gi en pekepinn?

[raWrz]

Last ned Malwarebytes' Anti-Malware Her eller Her.''' Lagre den på Skrivebordet.

 

Kjør fila og installer programmet. Velg Norsk språkdrakt.

• Sett en hake ved siden av Oppdater Malwarebytes' Anti-Malware og Kjør Malwarebytes' Anti-Malware, og trykk Ferdig.
  

La programmet oppdatere seg og velg Utfør hurtig systemskann.

 

Du får en meldingsboks når programmet er ferdigkjørt

Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet.

 

Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet.

 

Notis:

Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli spurt om to spørsmål.

Trykk OK på begge, og la MBAM gjøre seg ferdig med desinfeksjonen.

Hvis du blir spurt om å restarte maskinen, gjør du det med en gang.

 

Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du senere om den fant noe annet enn cookies

[hattrick133]

litt seint å svare men MBAM fant ingen ting

[snippsat]

Ja loggen ser grei ut.

Kjører pcen greit,sier vi det er greit.

Ønsker du en grundigere sjekk kjøre du combofix(veiledningen)