KenBjork, posted 9 April 2009 (edited)

The thread title says most of it. Lately it appears I have been (without knowing) sending people this message (or something quite like it):

"Did you see the Acai Berry pills on Oprah the other day. I found a good source for 5 dollars. They really do work because I lost 6 pounds in a week. Try it too XXXX://givenew.com"

And another one:

"Wow I finally found a way to lose weight and is inexpensive. Try 5 dollars and I lost 9 pounds in 15 days. Check it out also, I hope it can help you too XXXX://tilltakes.com"

I heard about this this morning from friends, who have received these 2 variants. I use 2 PCs: the one at work and my personal one here at home. I am now running the following on my personal PC here at home: CCleaner, Spybot - Search & Destroy, SUPERAntiSpyware, Malwarebytes, Avast Antivirus. So far nothing nasty has been found. Still left to run: Malwarebytes and Avast. Does anyone have tips for anything else?

Edited 11 April 2009 by KenBjork

Cpt, posted 9 April 2009

Incredibly strange that you haven't found anything after running all of that.

Fred7555, posted 9 April 2009 (edited)

Follow the guide

Edited 9 April 2009 by Fred7555

Bruker-158599, posted 10 April 2009

You should also change your password; sometimes it's just the password. But follow the guide linked in the post above.

KenBjork (author), posted 11 April 2009

Yes, I have changed the password on MSN and it went quiet. Nobody has reported any new messages being sent. I haven't had time to follow the guide yet, but I will do so when time allows.

KenBjork (author), posted 11 April 2009 (edited)

I just took the time to do this now.

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/11/2009 at 08:29 AM
Application Version : 4.26.1000
Core Rules Database Version : 3839
Trace Rules Database Version: 1795
Scan type : Complete Scan
Total Scan Time : 00:30:28
Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 5576
Registry threats detected : 0
File items scanned : 26300
File threats detected : 4
Adware.Tracking Cookie
C:\Documents and Settings\Kenneth\Cookies\[email protected][2].txt
C:\Documents and Settings\Kenneth\Cookies\[email protected][2].txt
C:\Documents and Settings\Kenneth\Cookies\[email protected][1].txt
C:\Documents and Settings\Kenneth\Cookies\[email protected][1].txt

MBAM

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 1964
Windows 5.1.2600 Service Pack 3
11.04.2009 08:46:14
mbam-log-2009-04-11 (08-46-14).txt
Skanntype: Rask Skann
Objekter skannet: 50834
Tid tilbakelagt: 1 minute(s), 54 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

Edited 11 April 2009 by KenBjork

norbat, posted 11 April 2009

The logs look fine. Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.

KenBjork (author), posted 11 April 2009

Morning, that's good then, thanks for taking a look. ComboFix uninstalled.