
Help removing "Security Toolbar etc."



Hi there :)

Same problem as Strupen in the thread "SOLVED - malware/spyware/trojan - help?"

I have scanned with Housecall..

Then I also started on HJK. I have saved the log here, since norbat, who helped Strupen, said that was an idea..

Ugh.. I'm bad at forums.. but I need help :S

Edited by bjorg_hs
Link to comment

Here is the log for HJK:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 01:43:19, on 26.06.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Video ActiveX Access\iesmn.exe

C:\Program Files\Video ActiveX Access\imsmain.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Video ActiveX Access\imsmn.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Video ActiveX Access\iesmin.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Phone Four] C:\DOCUME~1\Bomsen\APPLIC~1\SIZECA~1\MATHNAME.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe

O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: pushow82.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 12535 bytes

Edited by bjorg_hs
Link to comment
You can start with this one: http://www.spyware-removal-guideline.com/v...-access-removal

And by the way, feel free to try the hide/spoiler function on the forum. Edit your post and put [skjul.] and [/skjul.] around the log so people don't have to wear out their scroll wheel :)

Remove the period for it to work :)


 

Okay :)

Thanks.. I'm very bad at this forum stuff..

Someone told me to create a new thread, you see, and put my HJK log there, because he was going to help me remove this crap..

I really don't have a clue about any of this :ermm:

Link to comment

Download Smitfraudfix and put it on the desktop

Restart in safe mode (press F8 repeatedly while the PC is starting up, then choose safe mode)

Run Smitfraudfix and choose option 2. Follow any instructions given

From normal mode:

Then download SAS, install it and update it.

Run a 'Complete scan' with SAS.

After a restart:

Post a new HJT log together with the log from SAS (preferences->statistics/logs) + the log from Smitfraudfix (usually C:\rapport.txt)

Link to comment

 

 

 

HJK log

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 13:01:53, on 26.06.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: pushow82.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10734 bytes

 

 

 

SAS log


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/26/2007 at 12:56 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3261

Trace Rules Database Version: 1272

 

Scan type : Complete Scan

Total Scan Time : 00:48:18

 

Memory items scanned : 486

Memory threats detected : 0

Registry items scanned : 6096

Registry threats detected : 110

File items scanned : 71052

File threats detected : 159

 

Adware.Lop-Gen

[Phone Four] C:\DOCUME~1\BOMSEN\APPLIC~1\SIZECA~1\MATHNAME.EXE

C:\DOCUME~1\BOMSEN\APPLIC~1\SIZECA~1\MATHNAME.EXE

C:\DOCUMENTS AND SETTINGS\BOMSEN\APPLICATION DATA\SIZE CAST ACE\MATHNAME.EXE

 

MyWay Search Assistant Computers

HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable

C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL

HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKU\S-1-5-21-2173793519-1408888994-1815716388-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

 

Adware.Tracking Cookie

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@hotbar[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][11].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@overture[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@atdmt[2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@tripod[1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@adcentriconline[2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@nextag[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@tradedoubler[2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@partypoker[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@specificclick[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@adrevolver[2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@xiti[1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@indexstats[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@tribalfusion[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@tacoda[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@trafficmp[1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@yadro[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@adtech[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@advertising[2].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@adlegend[1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\bomsen@realmedia[2].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

C:\Documents and Settings\Bomsen\Cookies\[email protected][1].txt

 

Adware.Advertisemen

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#UninstallString

 

Malware.SpyLocked


 

Trojan.Media-Codec/V3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP403\A0111809.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP403\A0111810.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP403\A0111811.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111843.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111844.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111845.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111874.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111876.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111877.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111878.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111880.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111881.EXE

 

Trojan.Smitfraud Variant-Gen

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP404\A0111873.DLL

 

 

 

SmitFraudFix log


SmitFraudFix v2.196

 

Scan done at 11:55:45,23, 26.06.2007

Run from C:\Documents and Settings\Bomsen\Desktop\smith\SmitfraudFix

OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

 

[HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]

@="C:\WINDOWS\system32\dooep.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]

@="C:\WINDOWS\system32\dooep.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\dooep.dll -> Hoax.Win32.Renos.gen.o

C:\WINDOWS\system32\dooep.dll -> Deleted

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted

C:\DOCUME~1\Bomsen\FAVORI~1\Online Security Test.url Deleted

C:\Program Files\Video ActiveX Access\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9BE1BFE3-B42B-41B2-BDD1-7ACEA2A4CFE8}: DhcpNameServer=84.208.20.110 192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!Attention, following keys are not inevitably infected!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Link to comment

See if you can uninstall the following from Add/Remove Programs (Control Panel):

CiD help

Error Safe Free

SpyNoMore <- If this is a demo. If you have paid for it, you can of course keep it.

Click: Start -> Run

Type: C:\WINDOWS\system32\drivers\etc . Click OK.

Double-click the hosts file and choose to open it in Notepad.

Remove, if present, all lines containing ## added by CiD

By default you should only have one line, which reads: 127.0.0.1 localhost

After you have removed the relevant lines, click File->Save.

Close Notepad

Run HJT, choose "Do a system scan only", check the box in front of the following lines and click 'Fix checked':

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O20 - AppInit_DLLs: pushow82.dll

Download Killbox

Start Killbox

Choose 'Delete on reboot'

Enter the following:

C:\WINDOWS\System32\pushow82.dll

Restart

Post a new HJT log

Link to comment
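The hosts-file step in the reply above, as an added example in Python (not part of the original post and not code from any tool named in the thread): it drops every line tagged `## added by CiD` and lists any remaining entry other than `127.0.0.1 localhost` for manual review. The sample hosts text, the `example.test` names and the address 203.0.113.7 are constructed for illustration.

```python
"""Audit a Windows hosts file for the cleanup described in the post (added example)."""
import re

MARKER = "## added by CiD"              # tag quoted in the post
BASELINE = ("127.0.0.1", "localhost")   # the single entry the post expects to remain

# Constructed sample in the format shown in the SmitFraudFix log, plus edge cases:
# tab separators, odd marker spacing/case, two names on one line, an untagged redirect.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1 winfixer.com ## added by CiD\r\n"
    "127.0.0.1\twww.errorsafe.com\t##  Added by cid\r\n"
    "127.0.0.1 download.example.test www.example.test ## added by CiD\r\n"
    "203.0.113.7 update.example.test\r\n"
    "\r\n"
)


def norm(text):
    """Collapse whitespace and ignore case so spacing variants of the tag still match."""
    return re.sub(r"\s+", " ", text).strip().casefold()


def has_marker(comment, marker=MARKER):
    """True if the comment part of a hosts line carries the tag."""
    return norm(marker) in norm(comment)


def audit_hosts(text, marker=MARKER):
    """Return the cleaned text, the hostnames removed, and leftover non-default entries."""
    kept, removed, unexpected = [], [], []
    for raw in text.splitlines():
        idx = raw.find("#")                      # a comment runs from the first '#'
        body, comment = (raw, "") if idx < 0 else (raw[:idx], raw[idx:])
        fields = body.split()                    # spaces or tabs both separate fields
        ip, names = (fields[0], fields[1:]) if len(fields) >= 2 else (None, [])
        if has_marker(comment, marker):
            removed.extend(names)                # the whole tagged line is dropped
            continue
        kept.append(raw)
        for name in names:
            if (ip, name.casefold()) != BASELINE:
                unexpected.append((ip, name))    # untagged entry: review by hand
    # Lines are rejoined with CRLF, the Windows convention for this file.
    return {"cleaned": "\r\n".join(kept) + "\r\n",
            "removed": removed,
            "unexpected": unexpected}


def clean_file(path, marker=MARKER):
    """Save a copy as path + '.bak', then rewrite the file without tagged lines."""
    with open(path, "rb") as fh:
        original = fh.read()
    # latin-1 maps every byte to one character, so untouched lines round-trip exactly.
    result = audit_hosts(original.decode("latin-1"), marker)
    with open(path + ".bak", "wb") as fh:
        fh.write(original)
    with open(path, "wb") as fh:
        fh.write(result["cleaned"].encode("latin-1"))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("removed:", ", ".join(report["removed"]))
    for ip, name in report["unexpected"]:
        print("review manually:", ip, name)
```

Run `clean_file` from an administrator account against the hosts file in C:\WINDOWS\system32\drivers\etc; anything reported under "review manually" is an entry the tag did not cover.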

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 00:32:58, on 27.06.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10794 bytes

Link to comment

Your log looks fine now.

How is the PC running?

If SpyNoMore is a demo, uninstall it. This program used to have a somewhat bad reputation, but it has improved. I would rather go with SAS :)

You should reset the System Restore folder so that you do not get infected in the event of a system restore.

Control Panel->System->System Restore.

Check the box in front of "Turn off System Restore .....",

restart the PC, then uncheck the box again to re-enable the feature.

Link to comment

Hi :)

The PC is working great now :thumbup:

Thank you so much. I really could never have done this without you :)

Link to comment
