Krillekongen, posted 11 February 2007

Good evening, folks! I've had a fair bit of crap on my PC, and now I want to get it cleaned up once and for all. I have read the guide here and done what it says.

Log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 01:28:47, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Log from SAS:

SUPERAntiSpyware Scan Log
Generated 02/11/2007 at 01:11 AM
Application Version : 3.5.1016
Core Rules Database Version : 3141
Trace Rules Database Version: 1157
Scan type : Complete Scan
Total Scan Time : 01:05:44
Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 6150
Registry threats detected : 0
File items scanned : 52702
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Brage\Cookies\[email protected][1].txt
C:\Documents and Settings\Brage\Cookies\[email protected][1].txt
C:\Documents and Settings\Brage\Cookies\[email protected][2].txt

What do I do now?
norbat, posted 11 February 2007

Hi, BrageC

Download CWShredder to your desktop and run the program. Choose fix.

Run HJT and fix:

O2 - BHO: (no name) - {580049CD-A850-0152-FED7-2C2058AAF3A1} - (no file)
O2 - BHO: (no name) - {7B92206E-6ED4-6CC6-AF38-ED556F479E42} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6498BD6-AF60-6354-52FE-B2E289513293} - (no file)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe

Run an online scan at http://www.kaspersky.com.
Click 'Accept' and choose to install an ActiveX component.
The program will start by downloading the latest definition files.
Click 'Scan Setting' and check that the following is selected:
Under Anti-Virus database: extended
Under 'Scan Options', both options should be selected.
Click OK.
Now you are ready to scan. Select 'My Computer' and the scan starts.
When the scan is finished (it will probably take a while....), save the log (Save as Text) and post the log in your next post together with a new HJT log.
Guest medlem-105082, posted 11 February 2007

Norbat always gets there before me. I had just finished writing when I saw that Norbat had posted a reply. That's probably for the best.
Krillekongen Skrevet 11. februar 2007 Forfatter Del Skrevet 11. februar 2007 Okok, takk for all hjelp så langt Her er ny HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 16:18:16, on 11/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\Programmer\BT\bin\btwdins.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\Tablet.exe C:\WINDOWS\Mixer.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe D:\Programmer\PowerDVD\PDVDServ.exe C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe D:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\system32\rundll32.exe D:\Programmer\OmniPage SE\OpwareSE2.exe C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE C:\Programfiler\ATI Multimedia\main\ATIDtct.EXE D:\Programmer\BT\BTTray.exe C:\Programfiler\Wacom\TabUserW.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Java\jre1.5.0_06\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\iexplore.exe D:\Programmer\Opera\Opera.exe C:\Documents and Settings\Brage\Skrivebord\hijackthis\bucket.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\programmer\Acrobat Reader 5.0.5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] D:\Programfiler\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "D:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [OpwareSE2] "D:\Programmer\OmniPage SE\OpwareSE2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - 
HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Programfiler\WebcamMax\CAMTHINS.exe" /m O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [steam] "d:\programmer\steam\steam.exe" -silent O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSN Webcam Recorder] "D:\Programmer\MSN Webcam Recorder\ml20gui.exe" -silent O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programfiler\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programfiler\ATI Multimedia\main\ATIDtct.EXE O4 - Startup: CamTrack.lnk = D:\Programfiler\DigitalPeers\CamTrack\camtrack.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: TabUserW.lnk = C:\Programfiler\Wacom\TabUserW.exe O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Erebus\Free Download Manager\dlall.htm O8 - Extra context menu item: Download by Free Download Manager - file://D:\Erebus\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Erebus\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Erebus\Free Download Manager\dlpage.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Programmer\BT\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Opprett mobil favoritt - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programfiler\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmer\BT\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmer\BT\btsendto_ie.htm O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Brage\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing) O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - D:\Brage\Poker.com\Poker.exe (file missing) (HKCU) O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118614007549 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - 
http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Programmer\SAS\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- D:\Programmer\BT\bin\btwdins.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: TabletService - Wacom Technology, Corp. 
- C:\WINDOWS\System32\Tablet.exe Her er KS: Klikk for å se/fjerne innholdet nedenfor ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, February 11, 2007 4:17:35 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 11/02/2007 Kaspersky Anti-Virus database records: 266796 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan Statistics: Total number of scanned objects: 172438 Number of viruses found: 5 Number of infected objects: 8 / 0 Number of suspicious objects: 1 Duration of the scan process: 01:47:25 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Programdata\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Programdata\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Programdata\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Brage\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Programdata\ApplicationHistory\CLI.EXE.cf0e47d0.ini.inuse Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale 
innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temp\ mon001.log Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temp\miunst_.exe Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temp\Perflib_Perfdata_9b4.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temp\Perflib_Perfdata_bac.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temp\Perflib_Perfdata_bc0.dat Object is locked skipped C:\Documents and Settings\Brage\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Brage\ntuser.dat Object is locked skipped C:\Documents and Settings\Brage\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\Brage\Programdata\AVG7\Log\emc.log Object is locked skipped C:\Documents and Settings\Brage\Programdata\Mozilla\Firefox\Profiles\5sob74ot.Default User\Cache(2)\712C8828d01 Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped C:\Documents and Settings\Brage\Skrivebord\hijackthis\backups\backup-20070211-134428-139 Suspicious: Exploit.HTML.Mht skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT-MYNDIGHET\NTUSER.DAT Object is locked skipped C:\Documents 
and Settings\LocalService.NT-MYNDIGHET\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT-MYNDIGHET\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.NT-MYNDIGHET\ntuser.dat.LOG Object is locked skipped C:\Programfiler\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\Programfiler\MsMovies\p.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped C:\Programfiler\MsMovies\p.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{1B827AAD-22F5-4290-B3F0-8E2A3BFAD597}\RP676\change.log Object is locked skipped C:\WINDOWS\$_hpcst$.hpc Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped 
C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd9213.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Programmer\BS\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped D:\Programmer\BS\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped D:\Programmer\BS\Installer\BSInstall5.2.5.1.exe WiseSFX: infected - 2 skipped D:\Programmer\BS\Installer\BSInstall5.2.5.1.exe WiseSFX Dropper: infected - 2 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{276D181E-BF6A-4D46-B8BA-9386C75ABD0A}\RP92\A0066252.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped I:\Mac\Picture\ Object is locked skipped 
I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped I:\Mac\Picture\ Object is locked skipped Scan process completed.
norbat Posted 11 February 2007

Quote: "Okay, thanks for all the help so far. Here is the new HJT: [...] Here is KS: [...]"

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
Download drweb.
Restart in safe mode (tap F8 during startup).
Run CCleaner and check under 'Applications' that the cache for your browsers is ticked.
Use Explorer to find and delete (in bold):
C:\Programfiler\MsMovies
D:\Programmer\BS
Run drweb:
- it will run an express scan.
- when that is finished, choose Options -> Change settings. On the Scan tab, untick Heuristic analysis. On the Actions tab, change the items under Malware to Rename.
- select the partition and run a scan.
Restart in normal mode and report how the PC is working.
Krillekongen Posted 11 February 2007 (Author)

I have done everything you said, and now the PC works much better. Thank you so much for the help!

norbat Posted 11 February 2007

It can be a good idea to reset the restore folder so that you do not get infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .........", restart the PC, then remove the tick again to re-enable the feature.
Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.
You should update your Java.
You can simply delete the programs DrWeb and CWShredder. If you need them again, just download fresh copies.
If you do not have an anti-spyware program, you can keep SAS, which is one of the best. In Preferences you can set the program not to start together with Windows.
You can also keep CCleaner and run it once a week to tidy up the temp files regularly. A few rounds (until it finds no more errors) with 'Issues' can also be useful to run, as it deletes a number of unnecessary files.

ejvindh Posted 12 February 2007

Hi Norbat, I have a few things I would like to write to you about, and I wanted to ask whether I could get you to send me an email? I can be reached at: ejvindh [at] spywarefri.dk

Guest medlem-105082 Posted 12 February 2007

NORBAT is going to be famous!!!! I can picture you working for Bill Gates as lead spyware hunter