SpecialForce Posted 25 June 2007 (edited)

Hi! I have an Acer TravelMate 3040 with a bit of "grit in the carburettor" and need help from some competent diskusjon.no users.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:54:18, on 25.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\bjorn\LOKALE~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\retadpu41.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WinPop\winpop.exe
C:\Documents and Settings\bjorn\Mine dokumenter\??stem32\n?tepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programfiler\Adobe\Reader\Reader\reader_sl.exe
C:\Programfiler\ProcessTamer\ProcessTamerTray.exe
C:\Documents and Settings\bjorn\Skrivebord\test.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227A755E9D29064183387384A72E512F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E7C39D775A67
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Programfiler\WinPop\winpop.exe
O4 - HKCU\..\Run: [Trpt] "C:\PROGRA~1\WNSXS~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tgkbg] "C:\Documents and Settings\bjorn\Mine dokumenter\??stem32\n?tepad.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ProcessTamer.lnk = C:\Programfiler\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Reader\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://portalen.holeskolen.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175091773437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178828479515
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ringerike.int
O17 - HKLM\Software\..\Telephony: DomainName = ringerike.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ringerike.int
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13529 bytes

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2007 at 12:19 PM

Application Version : 3.8.1002
Core Rules Database Version : 3260
Trace Rules Database Version: 1271
Scan type : Complete Scan
Total Scan Time : 00:25:46

Memory items scanned : 697
Memory threats detected : 3
Registry items scanned : 5881
Registry threats detected : 13
File items scanned : 28416
File threats detected : 58

Trojan.Downloader-Gen/RetAd
C:\WINDOWS\RETADPU41.EXE
C:\WINDOWS\RETADPU41.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\retadpu41.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227A755E9D29064183387384A72E512F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E7C39D775A67 ]
C:\WINDOWS\Prefetch\RETADPU41.EXE-333AEE89.pf

Trojan.Downloader-Gen/WinPop
C:\PROGRAMFILER\WINPOP\WINPOP.EXE
C:\PROGRAMFILER\WINPOP\WINPOP.EXE
C:\Programfiler\WinPop\UnInstall.exe
C:\Programfiler\WinPop
C:\WINDOWS\Prefetch\WINPOP.EXE-01F40E74.pf

Adware.ClickSpring/Resident
C:\DOCUME~1\bjorn\MINEDO~1\STEM32~1\NTEPAD~1.EXE
C:\DOCUME~1\bjorn\MINEDO~1\STEM32~1\NTEPAD~1.EXE

Adware.Tracking Cookie
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@casalemedia[1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@statcounter[1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@doubleclick[1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@adtech[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@overture[2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@imrworldwide[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@serving-sys[1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@tribalfusion[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@mediaplex[1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@azjmp[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@advertising[1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][3].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@tradedoubler[2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@fastclick[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@partypoker[2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@2o7[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@tacoda[1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@hitbox[2].txt
C:\Documents and Settings\bjorn\Cookies\bjorn@atdmt[2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][1].txt
C:\Documents and Settings\bjorn\Cookies\[email protected][2].txt

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-1604199630-1837247967-620655208-5150\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Adware.IPWins
HKU\S-1-5-21-1604199630-1837247967-620655208-5150\Software\IpWins

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
C:\Programfiler\Outerinfo\OiUninstaller.exe
C:\Programfiler\Outerinfo\outerinfo.ico
C:\Programfiler\Outerinfo\Terms.rtf
C:\Programfiler\Outerinfo
C:\Documents and Settings\bjorn\Start-meny\Programmer\Outerinfo\Terms.lnk
C:\Documents and Settings\bjorn\Start-meny\Programmer\Outerinfo\Uninstall.lnk
C:\Documents and Settings\bjorn\Start-meny\Programmer\Outerinfo
C:\WINDOWS\Prefetch\OIUNINSTALLER.EXE-32A76FEE.pf

Adware.ClickSpring/PuritySCAN
C:\WINDOWS\SYSTEM32\WCPSVSU.EXE

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B122.EXE

Thanks for any help/guidance..

Edited 25 June 2007 by SpecialForce

norbat Posted 25 June 2007

Could you post the HJT log (can't find it)

SpecialForce (author) Posted 25 June 2007

"Could you post the HJT log (can't find it)"

The HJT log is the top one and SAS is the bottom one.. Happy troubleshooting!

SpecialForce (author) Posted 25 June 2007 (edited)

BTW: I couldn't boot into safe mode while I was scanning with HJT because of some password nonsense that I couldn't get past. Does that matter?

Added a k

Edited 25 June 2007 by SpecialForce

norbat Posted 25 June 2007 (edited)

Start HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe 61A847B5BBF7.......
O4 - HKCU\..\Run: [Trpt] "C:\PROGRA~1\WNSXS~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [Tgkbg] "C:\Documents and Settings\bjorn\Mine dokumenter\??stem32\n?tepad.exe"
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is in bold below:

Files to delete:
C:\WINDOWS\retadpu41.exe

Folders to delete:
C:\PROGRA~1\WNSXS~1
C:\Documents and Settings\bjorn\Mine dokumenter\??stem32

Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. You don't need to post it.

Go to the site http://virusscan.jotti.org/ and upload the following file for checking:

C:\Programfiler\WinPop\winpop.exe

Tell me whether it gives any result. (If you can't find the file: make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders"))

Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log. Also tell me whether the Jotti check flagged anything on winpop.exe.

Edited 25 June 2007 by norbat

SpecialForce (author) Posted 25 June 2007

I feel that log file needs to be posted anyway. See for yourself:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uotiojhn

*******************

Script file located at: \??\C:\WINDOWS\vootbckq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\retadpu41.exe deleted successfully.

Folder C:\PROGRA~1\WNSXS~1 not found!
Deletion of folder C:\PROGRA~1\WNSXS~1 failed!

Could not process line:
C:\PROGRA~1\WNSXS~1
Status: 0xc0000034

Could not open folder C:\Documents and Settings\bjorn\Mine dokumenter\??stem32 for deletion
Deletion of folder C:\Documents and Settings\bjorn\Mine dokumenter\??stem32 failed!

Could not process line:
C:\Documents and Settings\bjorn\Mine dokumenter\??stem32
Status: 0xc0000033

Completed script processing.

*******************

Finished! Terminate.

norbat Posted 25 June 2007

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

This probably has to be done from safe mode: use Explorer to find and delete (in bold):

C:\PROGRA~1\WNSXS~1 (~1 = abbreviation)
C:\Documents and Settings\bjorn\Mine dokumenter\??stem32