bjorg_hs Posted 25 June 2007 (edited)
Hi there. Same problem as Strupen in the thread "SOLVED - malware/spyware/trojan - help?". I have scanned with Housecall. Then I also started on HJK. I have saved the log here, since norbat, who helped Strupen, said that was an idea. Ugh, I'm bad at forums, but I need help :S
Edited 26 June 2007 by bjorg_hs

Thor. Posted 25 June 2007 (edited)
You can start with this one: http://www.spyware-removal-guideline.com/v...-access-removal
And by the way, you are welcome to try the hide/spoiler function on the forum. Edit your post and put [skjul.] and [/skjul.] around the log so people don't have to wear out their scroll wheel. Remove the full stop for it to work.
Edited 25 June 2007 by Thor.

bjorg_hs (Author) Posted 25 June 2007 (edited)
Here is the HJK log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:43:19, on 26.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Phone Four] C:\DOCUME~1\Bomsen\APPLIC~1\SIZECA~1\MATHNAME.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: pushow82.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12535 bytes

Edited 25 June 2007 by bjorg_hs

bjorg_hs (Author) Posted 25 June 2007
Okay :) Thanks. I'm very bad at this forum stuff. There was someone who said I should create a new thread, you see, and put my HJK log there, because he was going to help me remove this crap. I don't really have a clue about any of this.

norbat Posted 26 June 2007
Download Smitfraudfix and put it on the desktop.
Restart in safe mode (press F8 repeatedly while the PC is starting up, then choose safe mode).
Run Smitfraudfix and choose option 2. Follow any instructions.
From normal mode: then download SAS, install it and update it. Run a 'Complete scan' with SAS.
After a restart: post a new HJT log together with the log from SAS (preferences->statistics/logs) + the log from Smitfraudfix (usually C:\rapport.txt).

bjorg_hs (Author) Posted 26 June 2007
HJK log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:01:53, on 26.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: pushow82.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10734 bytes

SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/26/2007 at 12:56 PM

Application Version : 3.9.1008
Core Rules Database Version : 3261
Trace Rules Database Version: 1272
Scan type : Complete Scan
Total Scan Time : 00:48:18

Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 6096
Registry threats detected : 110
File items scanned : 71052
File threats detected : 159

Adware.Lop-Gen
[Phone Four] C:\DOCUME~1\BOMSEN\APPLIC~1\SIZECA~1\MATHNAME.EXE
C:\DOCUME~1\BOMSEN\APPLIC~1\SIZECA~1\MATHNAME.EXE
C:\DOCUMENTS AND SETTINGS\BOMSEN\APPLICATION DATA\SIZE CAST ACE\MATHNAME.EXE

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-2173793519-1408888994-1815716388-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Tracking Cookie

Adware.Advertisemen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#UninstallString Malware.SpyLocked HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766} HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0 HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\0 HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\0\win32 HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\FLAGS HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\HELPDIR HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C} HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\ProxyStubClsid HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\ProxyStubClsid32 HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\TypeLib HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\TypeLib#Version HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F} HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\ProxyStubClsid HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\ProxyStubClsid32 HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\TypeLib HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\TypeLib#Version HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4} HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\ProxyStubClsid HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\ProxyStubClsid32 HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\TypeLib HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\TypeLib#Version HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89} HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\ProxyStubClsid HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\ProxyStubClsid32 HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\TypeLib HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\TypeLib#Version HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1} HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\ProxyStubClsid HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\ProxyStubClsid32 
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\TypeLib HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\TypeLib#Version HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA} HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\ProxyStubClsid HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\ProxyStubClsid32 HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\TypeLib HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\TypeLib#Version HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268} HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\ProxyStubClsid HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\ProxyStubClsid32 HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\TypeLib HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\TypeLib#Version HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866} HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\ProxyStubClsid HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\ProxyStubClsid32 HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\TypeLib HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\TypeLib#Version HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF} HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\ProxyStubClsid HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\ProxyStubClsid32 HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\TypeLib HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\TypeLib#Version HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8} HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\ProxyStubClsid HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\ProxyStubClsid32 HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\TypeLib HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\TypeLib#Version HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6} HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\ProxyStubClsid HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\ProxyStubClsid32 
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\TypeLib HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\TypeLib#Version HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9} HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\ProxyStubClsid HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\ProxyStubClsid32 HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\TypeLib HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\TypeLib#Version HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E} HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\ProxyStubClsid HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\ProxyStubClsid32 HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\TypeLib HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\TypeLib#Version HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8} HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\ProxyStubClsid HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\ProxyStubClsid32 HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\TypeLib HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\TypeLib#Version HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C} HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\ProxyStubClsid HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\ProxyStubClsid32 HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\TypeLib HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\TypeLib#Version HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E} HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\ProxyStubClsid HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\ProxyStubClsid32 HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\TypeLib HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\TypeLib#Version Trojan.Media-Codec/V3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName 
Trojan.Smitfraud Variant-Gen

SmitFraudFix log

SmitFraudFix v2.196
Scan done at 11:55:45,23, 26.06.2007
Run from C:\Documents and Settings\Bomsen\Desktop\smith\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

[HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@="C:\WINDOWS\system32\dooep.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@="C:\WINDOWS\system32\dooep.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\dooep.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\dooep.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\Bomsen\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9BE1BFE3-B42B-41B2-BDD1-7ACEA2A4CFE8}: DhcpNameServer=84.208.20.110 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
norbat Posted 26 June 2007

See if you can uninstall the following from Add/Remove Programs (Control Panel):
CiD help
Error Safe Free
SpyNoMore <- If this is a demo. If you have paid for it, you can of course keep it.

Click: Start -> Run
Type: C:\WINDOWS\system32\drivers\etc . Click OK.
Double-click the hosts file and choose to open it in Notepad.
Remove, if present, all lines with ## added by CiD
By default you should have only one line, which reads:
127.0.0.1 localhost
After you have removed the relevant lines, click File -> Save. Close Notepad.

Run HJT, choose "Do a system scan only", check the following lines and click 'Fix checked':
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - AppInit_DLLs: pushow82.dll

Download Killbox
Start Killbox
Select 'Delete on reboot'
Enter the following:
C:\WINDOWS\System32\pushow82.dll
Restart

Post a new HJT log
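The hosts-file step in the reply above, as an added Python example that is not part of the thread: it removes every line carrying the `## added by CiD` tag, keeps the original line endings, and lists any remaining active entry other than `127.0.0.1 localhost` for manual review. The function names and the sample host names are assumptions made for this illustration.

```python
import ipaddress
import shutil
from pathlib import Path

MARKER = "## added by CiD"               # tag named in the reply above
BASELINE = ("127.0.0.1", ["localhost"])  # the one entry the reply expects to remain

# Constructed sample; the tagged host names are placeholders, not values from the log.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1 blocked-one.example ## added by CiD\r\n"
    "127.0.0.1 www.blocked-two.example ## added by CiD\r\n"
    "10.0.0.5 fileserver.example   # constructed leftover entry\r\n"
)


def parse_entry(line):
    """Return (ip, [names]) for an active hosts line, None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return fields[0], fields[1:]


def clean_hosts(text, marker=MARKER):
    """Drop marker-tagged lines; return (cleaned_text, removed_lines, lines_to_review)."""
    kept, removed, review = [], [], []
    for line in text.splitlines(keepends=True):   # keepends preserves CRLF for Notepad
        if marker.lower() in line.lower():
            removed.append(line.strip())
            continue
        kept.append(line)
        entry = parse_entry(line)
        if entry is not None and entry != BASELINE:
            review.append(line.strip())           # not tagged, but not the baseline either
    return "".join(kept), removed, review


def clean_file(path, marker=MARKER):
    """Clean a hosts file in place, leaving a .bak copy of the original beside it."""
    text = Path(path).read_bytes().decode("latin-1")   # latin-1 round-trips every byte
    cleaned, removed, review = clean_hosts(text, marker)
    if removed:
        shutil.copy2(path, str(path) + ".bak")
        Path(path).write_bytes(cleaned.encode("latin-1"))
    return removed, review


if __name__ == "__main__":
    cleaned, removed, review = clean_hosts(SAMPLE_HOSTS)
    print("removed:", *removed, sep="\n  ")
    print("review by hand:", *review, sep="\n  ")
    print("cleaned file:\n" + cleaned)
```

On the machine itself `clean_file` has to be run with administrator rights against `C:\WINDOWS\system32\drivers\etc\hosts`.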
bjorg_hs Posted 26 June 2007 (thread author)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:32:58, on 27.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\Documents and Settings\Bomsen\Desktop\HJK\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bj0gga.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10794 bytes
norbat Posted 27 June 2007

Your log looks fine now. How is the PC running?

If SpyNoMore is a demo, uninstall it. This program used to have a somewhat bad reputation, but it has improved. I would rather go with SAS.

You should reset the restore folder so that you do not get infected again by a possible System Restore.
Control Panel -> System -> System Restore. Check "Turn off System Restore ...", restart the PC, then uncheck it again to re-enable the feature.
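The comparison made by eye in the post above, as an added Python example that is not part of the thread: it splits a HijackThis log (even one flattened onto a single line, as pasted here) into entries, checks that the three items from the earlier 'Fix checked' list are gone, and lists entries whose target file no longer exists. The sample logs are constructed from a few entries of the thread, with a placeholder URL, and the function names are assumptions.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_START = re.compile(r"(?<![\w\\])(?=[RFNO]\d{1,2} - )")
ENTRY = re.compile(r"([RFNO]\d{1,2}) - (.*)", re.S)
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

# (section code, distinguishing text) of the lines the helper asked to fix.
FIXED = [
    ("O4", "[Error Safe]"),
    ("O16", "{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}"),
    ("O20", "pushow82.dll"),
]

# Constructed "before" log, flattened onto one line; the O16 URL is a placeholder.
BEFORE_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.0 (BETA) Running processes: "
    r"C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ "
    r'O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min '
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - "
    r"http://host.example/installer.exe "
    r"O20 - AppInit_DLLs: pushow82.dll -- End of file"
)

# Constructed "after" log built from entries of the follow-up log in the thread.
AFTER_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.0 (BETA) Running processes: "
    r"C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll "
    r"O23 - Service: iPod Service - Unknown owner - "
    r"C:\Program Files\iPod\bin\iPodService.exe (file missing) -- End of file"
)


def parse_entries(log):
    """Return [(section_code, text)] for every entry, in log order."""
    log = log.split("-- End of file", 1)[0]          # drop the trailer
    entries = []
    for chunk in ENTRY_START.split(log)[1:]:         # [0] is header and process list
        match = ENTRY.match(chunk.strip())
        if match:
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def still_present(entries, fixed=FIXED):
    """Items from the fix list that still appear in the parsed log."""
    return [(code, needle) for code, needle in fixed
            if any(c == code and needle.lower() in text.lower() for c, text in entries)]


def orphaned(entries):
    """Entries that HijackThis marks as pointing at a file that is gone."""
    return [(code, text) for code, text in entries if ORPHAN.search(text)]


if __name__ == "__main__":
    for name, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        entries = parse_entries(log)
        print(name, "- still present:", still_present(entries))
        print(name, "- orphaned:", [code for code, _ in orphaned(entries)])
```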
bjorg_hs Posted 27 June 2007 (thread author)

Hi :) The PC works great now. Thank you so much. I really could never have done this without you.
norbat Posted 29 June 2007

My pleasure.

Feel free to edit your topic title by putting the word [Løst] ("Solved") in front of the title. (You edit the topic title by clicking edit in the 1st post.)