EspenFe Posted 22 May 2007 (edited)

Having looked through the forum, I see that norbat is the best at removing viruses. Can you help me remove a virus from my uncle's PC?

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:39:17, on 22.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\BitLord\BitLord.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\BJRNFE~1\LOKALE~1\Temp\Rar$EX00.063\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....c=no&l=no&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Programfiler\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Programfiler\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programfiler\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/23/2007 at 00:00 AM
Application Version : 3.7.1018
Core Rules Database Version : 3242
Trace Rules Database Version: 1253
Scan type : Complete Scan
Total Scan Time : 01:07:07
Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 5193
Registry threats detected : 151
File items scanned : 38324
File threats detected : 77

Adware.HotBar/ShopperReports (Low Risk)
Trojan.Smitfraud Variant
Unclassified.Unknown Origin
Adware.Tracking Cookie
Trojan.Security Toolbar
Trojan.Media-Codec
Malware.SpyDawn
Malware.SpyLocked
Trojan.Media-Codec/V2
Browser Hijacker.Favorites
Adware.Zango Toolbar/Hb
Adware.180solutions/Seekmo
Trojan.Unknown Origin

I hope this was enough. I have been scanning for 2 hours now. Finally off to bed.

Good night,
- Espen

Edited 23 May 2007 by EspenFe

norbat Posted 23 May 2007

Hi,

Uninstall from Add/Remove Programs:
SmartShopper

Run HJT, tick the following lines and click 'Fix checked':
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Programfiler\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)

Download CCleaner. Start the program. Go to 'Options' ('Valg') -> 'Advanced' ('Avansert'). Uncheck: "only delete temporary files......." ("bare slett midlertidige filer......."). Click 'Cleaner' ('Renser') and then 'Run CCleaner' ('Kjør CCleaner'). Also run a few rounds of 'Issues' ('Saker') until it finds no more errors.

Use Explorer to find and delete (in bold):
C:\Programfiler\SmartShopper
(you may have to do this from Safe Mode)

Restart the PC.

Post a new HJT log and tell me how the PC is running.

EspenFe (author) Posted 23 May 2007 (edited)

Hi norbat. Thanks for being willing to help me, but I can't find any of the files? I'm attaching a picture:

Edited 23 May 2007 by EspenFe

norbat Posted 23 May 2007

No, and could that be because the HJT log you posted in the first post was run BEFORE the SAS scan? Post a new HJT log and we'll see whether anything more is left there. How is the PC running otherwise?

EspenFe (author) Posted 23 May 2007

Quote:
No, and could that be because the HJT log you posted in the first post was run BEFORE the SAS scan? Post a new HJT log and we'll see whether anything more is left there. How is the PC running otherwise?

I think the machine has become a bit faster. He complains that it is slow to start, etc. He has AVG antivirus, in case you were wondering.

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:30:28, on 23.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\BJRNFE~1\LOKALE~1\Temp\Rar$EX05.000\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....c=no&l=no&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

norbat Posted 23 May 2007

The log is clean.

Download CCleaner. Start the program. Go to 'Options' ('Valg') -> 'Advanced' ('Avansert'). Uncheck: "only delete temporary files......." ("bare slett midlertidige filer......."). Click 'Cleaner' ('Renser') and then 'Run CCleaner' ('Kjør CCleaner'). Also run a few rounds of 'Issues' ('Saker') until it finds no more errors.

You should update Java: http://java.com/en/download/index.jsp

You should also reset the restore folder so that you do not get infected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off ....." ("Slå av ....."), restart the PC, then remove the tick again to re-enable the feature.

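Added example, not part of the thread: the before/after comparison of the two HijackThis logs can be scripted instead of done by eye. The embedded logs are short excerpts of lines taken from the two logs posted above, and the names `parse_log` and `diff_logs` are hypothetical helpers written for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis entry looks like "O2 - BHO: name - {CLSID} - path".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log in the thread (22.05.2007), shortened for the example.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Programfiler\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)
"""

# Excerpt of the second log in the thread (23.05.2007), shortened for the example.
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O2" (BHO) or "O21" (SSODL)
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry names one
    orphaned: bool        # True when HijackThis reported "(no file)"


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, ignoring all other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=body.endswith("(no file)"),
        ))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry], List[Entry]]:
    """Return (removed, added, still_orphaned) between two logs.

    Entries are compared case-insensitively because Windows paths and
    registry names are not case-sensitive.
    """
    def key(entry: Entry) -> Tuple[str, str]:
        return (entry.code, entry.body.lower())

    old = {key(e): e for e in parse_log(before)}
    new = {key(e): e for e in parse_log(after)}
    removed = [e for k, e in old.items() if k not in new]
    added = [e for k, e in new.items() if k not in old]
    still_orphaned = [e for e in new.values() if e.orphaned]
    return removed, added, still_orphaned


if __name__ == "__main__":
    removed, added, still_orphaned = diff_logs(BEFORE, AFTER)
    for label, group in (("removed", removed), ("added", added),
                         ("still (no file)", still_orphaned)):
        for entry in group:
            print(f"{label:16} {entry.code:4} {entry.body}")
```

An entry that survives with "(no file)" (here the R3 URLSearchHook) is a candidate for review rather than a verdict.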