Kan noen sjekke denne HiJack loggen?

[Wyldelife]

Her:

Logfile of HijackThis v1.99.1

Scan saved at 21:48:42, on 19.10.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Spyware Doctor\sdhelp.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe

C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\programfiler\valve\steam\steam.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Opera\Opera.exe

C:\Documents and Settings\T***** M*****\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Cole2k Media Toolbar Helper - {08825191-C3C7-44e9-8CA6-07AB521FA8F2} - C:\Programfiler\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL

O3 - Toolbar: Cole2k Media Toolbar - {015407A9-D183-4379-8452-DFD7C2297902} - C:\Programfiler\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe"  -lang 1033

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [smapp] C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [Antiy Auto Update] C:\Programfiler\Antiy Labs\Alive\AliveCenter.exe

O4 - HKLM\..\Run: [AGB5Monitor] C:\Programfiler\Antiy Labs\AGuard\AGuard.exe /AutoRun

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Konfabulator.lnk = D:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Ubisoft register.lnk = C:\Programfiler\Ubisoft\Register\schedule.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

 

Vær så snill, er desperat :/

[Pozzolan]

1. Last ned Killbox

 

2. Slå av systemgjenopprettning

 

3. Start maskinen i sikkermodus

 

4. Slett følgende med hijackthis:

 

 

O2 - BHO: Cole2k Media Toolbar Helper - {08825191-C3C7-44e9-8CA6-07AB521FA8F2} - C:\Programfiler\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Cole2k Media Toolbar - {015407A9-D183-4379-8452-DFD7C2297902} - C:\Programfiler\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe

 

 

5. Slett følgende med killbox:

 

C:\Programfiler\Cole2k Media Toolbar\
C:\PROGRA~2\PRINTV~1\pvmodule.exe

 

6. Start maskinen i vanlig modus

 

7. Post en fersk hijackthislogg.

[Wyldelife]

Har et spørsmål:

Hvordan starter man dataen i sikker modus?

Hvordan sletter man i hijack?

og hvordan slår man av systemgjennopp.

Endret 20. oktober 2006 av Fanta Boy

[Pozzolan]

https://www.diskusjon.no/index.php?showtopic=575063&hl=

[Wyldelife]

Killbox sier at denne filen ikke eksisterer :O

 

DENNNE FILEN: C:\PROGRA~2\PRINTV~1\pvmodule.exe

[Pozzolan]

Hva med

 

C:\Programfiler\PRINTV\pvmodule.exe ?

Prøv å åpne programfiler mappen å se etter et navn som ligner PRINTV. Hvis du finner en slett den med killbox

[Wyldelife]

og da er jeg ferdig? har holdt på med dette i nesten hele dag

[Wyldelife]

sorry å dobble poste, men akkurat nå driter jeg i tegnsetting og forumet

Killbox finner heller ikke noe med PRINTV på, betyr det at jeg bare skal sette datan i vanlig modus igjen?

 

 

svar raskt plz

[Pozzolan]

Hvis alt som jeg ba deg poste er slettet så ja.

Post en hjt logg for sikkerhets skyld.

[Wyldelife]

dkal jeg sette på systemgjennomnretting også?

[Wyldelife]

Alt i orden nå, takket være stealthy!

 

 

Er evig takknemlig stealth!

 

3 ganger woot!

 

Endret 20. oktober 2006 av Fanta Boy