matematikern Skrevet 16. desember 2009 Del Skrevet 16. desember 2009 Har visst fått en del malware på pcen... Har skannet med malwarebytes og den fant mye, mens microsoft security essentials sin skann ble avbrutt mot slutten... Her er logg fra malwarebytes: Malwarebytes' Anti-Malware 1.42 Databaseversjon: 3368 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 15.12.2009 22:22:32 mbam-log-2009-12-15 (22-22-32).txt Skanntype: Rask Skann Objekter skannet: 127807 Tid tilbakelagt: 13 minute(s), 31 second(s) Minneprosesser infisert: 1 Minnemoduler infisert: 1 Registernøkler infisert: 32 Registerverdier infisert: 5 Registerfiler infisert: 0 Mapper infisert: 23 Filer infisert: 71 Minneprosesser infisert: C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.exe (Adware.Agent) -> Unloaded process successfully. Minnemoduler infisert: C:\Programfiler\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot. Registernøkler infisert: HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\Programfiler\Internet Today (Adware.Agent) -> Delete on reboot. C:\Programfiler\Internet Today\1.1.0.1260 (Adware.Agent) -> Delete on reboot. C:\Programfiler\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960 (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\Data (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components (Adware.Agent) -> Quarantined and deleted successfully. Filer infisert: C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Gameztar Toolbar\2.1.3.6670\mvb0.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\m.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\g.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\h.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\d.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\j.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\k.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\l.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\n.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\*****\Lokale innstillinger\temp\f.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.exe (Adware.Agent) -> Delete on reboot. C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot. C:\Programfiler\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\WSOpx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACEpx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPApx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\lri.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. Noen som vet noe om hva dette er/ hvor det kommer fra? Ser at combofix holder på å oppdateres? Er det mulig å få tak i en fungerende versjon nå? Vet noen hvor lenge det er til combofix er i gang igjen? Lenke til kommentar
norbat Skrevet 16. desember 2009 Del Skrevet 16. desember 2009 Det er ikke uvanlig at slik adware kommer sammen med div. spill (online). Når Combofix vil være klar igjen, vet jeg ikke, men normalt tar det ikke alt for lang tid Lenke til kommentar
matematikern Skrevet 16. desember 2009 Forfatter Del Skrevet 16. desember 2009 Legger ved screenshot av microsoft securityessentials resultat av full scan av maskinen, hvis det kunne være til noen hjelp for meg: Får håpe combofix er klar igjen snart! Lenke til kommentar
norbat Skrevet 16. desember 2009 Del Skrevet 16. desember 2009 Kjør gjerne en ny rask skann med mbam og se om den fortsatt finner noe. Du kunne også ha postet en DDS-logg (last ned fila til skrivebordet og kjør. Det lages en logg etter få strakser) Lenke til kommentar
matematikern Skrevet 17. desember 2009 Forfatter Del Skrevet 17. desember 2009 (endret) Malwarebytes fant ingen flere filer. Logg fra DDS: DDS (Ver_09-12-01.01) - NTFSx86 Run by ********* at 11:49:55,10 on 17.12.2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1278.681 [GMT 1:00] AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00D7-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00F0-0D24-347CA8A3377C} AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\atwtusb.exe C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\TBLMOUSE.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\Logitech Vid\vid.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Opera\Opera.exe C:\Documents and Settings\*********\Skrivebord\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.startsiden.no/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = 10.10.2.1:8080 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Logitech Vid] "c:\programfiler\logitech\logitech vid\vid.exe" -bootmode mRun: [soundMAXPnP] c:\programfiler\analog devices\core\smax4pnp.exe mRun: [iSUSScheduler] "c:\programfiler\fellesfiler\installshield\updateservice\issch.exe" -start mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [REGSHAVE] c:\programfiler\regshave\REGSHAVE.EXE /AUTORUN mRun: [atwtusb] atwtusb.exe beta mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [LogitechQuickCamRibbon] "c:\programfiler\logitech\logitech webcam software\LWS.exe" /hide mRun: [TkBellExe] "c:\programfiler\fellesfiler\real\update_ob\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe" mRun: [MSSE] "c:\programfiler\microsoft security essentials\msseces.exe" -hide dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\felles~1\micros~1\dw\dwtrig20.exe" -t dRun: [Picasa Media Detector] c:\programfiler\picasa2\PicasaMediaDetector.exe StartupFolder: c:\docume~1\tomeft~1\start-~1\progra~1\oppstart\adobeg~1.lnk - c:\programfiler\fellesfiler\adobe\calibration\Adobe Gamma Loader.exe IE: &MSN Search - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll/search.htm IE: &Search IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programfiler\windows live\writer\WriterBrowserExtension.dll DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192183468 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programfiler\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ============= SERVICES / DRIVERS =============== R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [2002-12-17 730880] R1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2007-12-24 22272] R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-1-24 11776] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832] R2 EFUploadSrv;ExtraFilm upload service;c:\programfiler\extrafilm designer no\EFUploadSrv.exe [2009-7-9 1716224] R2 WinDefend;Windows Defender;c:\programfiler\windows defender\MsMpEng.exe [2006-11-3 13592] R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [2002-12-9 26112] S3 pcwe;pcwe;\??\c:\programfiler\pc wizard 2007\pcw86-32.sys --> c:\programfiler\pc wizard 2007\pcw86-32.sys [?] =============== Created Last 30 ================ 2009-12-15 21:43:40 0 d--h--r- c:\documents and settings\*********\Siste 2009-12-15 21:30:10 0 d-----w- c:\programfiler\Microsoft Security Essentials 2009-12-15 20:33:17 0 d-----w- c:\programfiler\Gameztar Toolbar 2009-12-15 20:33:01 0 dc----w- c:\docume~1\alluse~1\progra~1\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B} 2009-12-07 19:11:37 0 d-----w- c:\docume~1\alluse~1\progra~1\hps 2009-12-07 19:03:20 1581704 ----a-w- c:\programfiler\setup_Elkjop_fotoservice.exe 2009-12-07 12:20:49 0 d-----w- c:\programfiler\ExtraFilm Designer NO 2009-12-01 11:05:27 0 d-----w- c:\docume~1\*****~1\progra~1\ExtraFilm 2009-12-01 11:05:05 0 d-----w- c:\docume~1\alluse~1\progra~1\ExtraFilm 2009-11-29 10:27:10 0 d-----w- C:\Games 2009-11-21 17:20:15 0 d-----w- c:\programfiler\StreamTorrent 1.0 ==================== Find3M ==================== 2009-12-09 17:38:18 463128 ----a-w- c:\windows\system32\perfh014.dat 2009-12-09 17:38:17 87824 ----a-w- c:\windows\system32\perfc014.dat 2009-12-07 21:30:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-28 14:38:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-28 14:38:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe 2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-10-21 05:41:14 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:41:14 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 05:41:14 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 05:41:14 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys 2009-10-13 10:38:24 270848 ----a-w- c:\windows\system32\oakley.dll 2009-10-13 10:38:24 270848 ------w- c:\windows\system32\dllcache\oakley.dll 2009-10-12 13:40:23 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:40:23 79872 ------w- c:\windows\system32\dllcache\raschap.dll 2009-10-12 13:40:23 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:40:23 149504 ------w- c:\windows\system32\dllcache\rastls.dll 2009-09-20 18:03:25 499712 ----a-w- c:\windows\system32\msvcp71.dll 2008-07-07 19:16:24 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008070720080708\index.dat ============= FINISH: 11:51:29,53 =============== Den rapporterer om at avira er opp og kjører, men det blei avinstallert, men muligens ikke fullt, etter at jeg installerte MSE. Har avira laget et sånt fjern-restene-program? Endret 17. desember 2009 av matematikern Lenke til kommentar
norbat Skrevet 17. desember 2009 Del Skrevet 17. desember 2009 Avinstaller eller slett c:\programfiler\Gameztar Toolbar Last ned Hijackthis. Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. --- Avira har ikke et avinstalleringsprogram, men derimot en registerrenser (kun på tysk) slik at man kan reinstallere avira og se om man ikke får avinstallert det ordentlig da. Nå trenger ikke du å installere det på nytt, men kjør gjerne registerrensen. Lenke til kommentar
matematikern Skrevet 17. desember 2009 Forfatter Del Skrevet 17. desember 2009 Hijackthis-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:17:24, on 17.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\atwtusb.exe C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\TBLMOUSE.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\Logitech Vid\vid.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.1:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSSE] "c:\Programfiler\Microsoft Security Essentials\msseces.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Logitech Vid] "C:\Programfiler\Logitech\Logitech Vid\vid.exe" -bootmode O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137192183468 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Barn\Mathias\blåtann\bin\btwdins.exe (file missing) O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe -- End of file - 11565 bytes Lenke til kommentar
norbat Skrevet 17. desember 2009 Del Skrevet 17. desember 2009 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) Gå til legg til/fjern programmer og avinstaller alle gamle javaprogrammer (nyeste er update 17). Etter en slik opprydding bør du nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Lenke til kommentar
matematikern Skrevet 20. desember 2009 Forfatter Del Skrevet 20. desember 2009 Da var dette gjort! Noe mer jeg bør gjøre? Ser at combofix er oppe og går igjen. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:13, on 20.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\atwtusb.exe C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe C:\WINDOWS\system32\TBLMOUSE.EXE C:\Programfiler\Microsoft Security Essentials\msseces.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\Logitech Vid\vid.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.1:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSSE] "c:\Programfiler\Microsoft Security Essentials\msseces.exe" -hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Logitech Vid] "C:\Programfiler\Logitech\Logitech Vid\vid.exe" -bootmode O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\npjpi160_17.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\npjpi160_17.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137192183468 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Barn\Mathias\blåtann\bin\btwdins.exe (file missing) O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe -- End of file - 11700 bytes Lenke til kommentar
matematikern Skrevet 23. desember 2009 Forfatter Del Skrevet 23. desember 2009 Er jeg malwarefri nå? Lenke til kommentar
norbat Skrevet 23. desember 2009 Del Skrevet 23. desember 2009 Ja, pc'n skulle være malwarefri nå Lenke til kommentar
DeHawk89 Skrevet 26. desember 2009 Del Skrevet 26. desember 2009 Noen som gidder å lese en "liten" logg fra hjt? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:13:45, on 26.12.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\System32\jureg.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\schtasks.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\hp\kbd\kbd.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: ClearWalk - {ABFF69C5-6219-4068-AC0D-BC948488C29F} - (no file) O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" O4 - HKCU\..\Run: [38184428] C:\PROGRA~2\38184428\38184428.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET CLR 1.1.4322)" -"http://www.diddl.no/spill/blomst.htm" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: ClearWalk - {11761036-3A1D-4665-B45C-0859C6257862} - (no file) O9 - Extra 'Tools' menuitem: ClearWalk - {11761036-3A1D-4665-B45C-0859C6257862} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUpldnb-no.cab O16 - DPF: {FD60E04A-8F1B-4AC4-8F53-EC5124D610BA} - http://www.buypass.no/support/jnipcsc5/Jni...ate_5.2.0.0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E2228232-DA86-4F05-B258-6B00B8D456BA}: NameServer = 193.213.112.4 130.67.15.198 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 9791 bytes Lenke til kommentar
raWrz Skrevet 26. desember 2009 Del Skrevet 26. desember 2009 Lag en ny tråd der du poster loggene og evnt. beskriver problemet ditt Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå