Kristaafa, posted 6 August 2007

I'm in the middle of cleaning one up here, but I've never really managed to get rid of all the crap. The laptop runs WinXP Media Center, by the way. If anyone feels like having a look at the SAS log, it is here:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/06/2007 at 06:10 PM
Application Version : 3.9.1008
Core Rules Database Version : 3279
Trace Rules Database Version: 1290
Scan type : Complete Scan
Total Scan Time : 00:42:42
Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 6813
Registry threats detected : 115
File items scanned : 42084
File threats detected : 85

And the HJT log that I took afterwards:

Logfile of HijackThis v1.99.1
Scan saved at 22:52:26, on 06.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

It would be great if someone could take a look, since this PC has been bothering me ever since it was bought for my somewhat incompetent mother :!:

norbat, posted 6 August 2007

You have managed to remove a good deal.

There is a "name server hijack" in there that it is wise to get rid of:

Download Fixwareout.
Put the file on the desktop and double-click it.
Click Next -> Install. Check that 'Run fixit' is ticked. Click Finish and the fix will start.
Follow the instructions. Restart the PC when you are asked to. Startup will take a little longer than normal .....
When the PC has restarted, just follow the instructions that appear on the screen.

Run HJT, put a check mark in front of the following lines if they are there, and click 'Fix checked':

O17 - HKLM\System\CCS\Services\Tcpip\..\{03568F5F-D084-4D2A-AEFE-9ED001470A4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4015B826-3157-4D2A-8C6E-9B4553712891}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16D8EDE-B887-4B7A-A7D4-FE8209466657}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{03568F5F-D084-4D2A-AEFE-9ED001470A4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Restart the PC.

Post a new HJT log together with the log from Fixwareout (C:\fixwareout\report.txt).
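
Added example (not part of the original thread): a small Python check for the name-server hijack discussed in the post above. It parses HijackThis O17 lines and flags adapters whose NameServer value differs from the global Tcpip\Parameters value of the same control set. The function names, the `expected` allow-list parameter and the baseline heuristic are assumptions of this example; the sample input is the six O17 lines quoted above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the six O17 lines quoted in the thread (HijackThis v1.99.1 format).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{03568F5F-D084-4D2A-AEFE-9ED001470A4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4015B826-3157-4D2A-8C6E-9B4553712891}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16D8EDE-B887-4B7A-A7D4-FE8209466657}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{03568F5F-D084-4D2A-AEFE-9ED001470A4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# Only NameServer entries are parsed; every other HijackThis line is ignored.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\}))"
    r": NameServer = (?P<data>.+)$"
)


@dataclass(frozen=True)
class DnsEntry:
    control_set: str          # "CCS", "CS1", ...
    interface: str | None     # adapter GUID, None for the global Tcpip\Parameters value
    servers: frozenset[str]   # resolver addresses listed in the value


def parse_o17(log_text: str) -> list[DnsEntry]:
    """Extract every O17 NameServer entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The registry value may separate addresses with commas or spaces.
        servers = frozenset(s for s in re.split(r"[,\s]+", m["data"].strip()) if s)
        entries.append(DnsEntry(m["cs"], m["iface"], servers))
    return entries


def find_suspect_entries(entries, expected=None):
    """Return (entry, unexpected_servers) pairs.

    With `expected` (the resolvers the owner configured on purpose), any entry
    listing another address is reported. Without it, each adapter is compared
    with the global value of its control set, or with the most common value
    when the log has no global entry (heuristic assumed by this example).
    """
    if expected is not None:
        allowed = frozenset(expected)
        return [(e, sorted(e.servers - allowed)) for e in entries if e.servers - allowed]

    by_control_set = {}
    for e in entries:
        by_control_set.setdefault(e.control_set, []).append(e)

    findings = []
    for group in by_control_set.values():
        global_values = [e.servers for e in group if e.interface is None]
        if global_values:
            baseline = global_values[0]
        else:
            baseline = Counter(e.servers for e in group).most_common(1)[0][0]
        for e in group:
            if e.interface is None:
                continue
            unexpected = e.servers - baseline
            if unexpected:
                findings.append((e, sorted(unexpected)))
    return findings


if __name__ == "__main__":
    for entry, bad in find_suspect_entries(parse_o17(SAMPLE_LOG)):
        where = entry.interface or "global"
        print(f"{entry.control_set} {where}: unexpected resolvers {', '.join(bad)}")
```

The baseline heuristic cannot help when the global value itself has been replaced; in that case pass the resolvers you actually configured as `expected`.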

Kristaafa (author), posted 7 August 2007

Lovely! I'll test this when I get home from work. Thank you.

Kristaafa (author), posted 7 August 2007

Yep, I have now run through it and removed the lines you posted.

Log from Fixwareout:

Username "Lotte Johansen" - 2007-08-07 16:35:28 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbmt.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A16D8EDE-B887-4B7A-A7D4-FE8209466657}
"nameserver"="85.255.115.59,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A16D8EDE-B887-4B7A-A7D4-FE8209466657}
"DhcpNameServer"="85.255.115.59,85.255.112.77" <Value cleared.

DNS Resolver-bufferen ble tømt.
System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 16:46:15, on 07.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Lotte Johansen\Desktop\Kristoffer\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no.intl.acer.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: 
Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: 
[bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) *vente i spenning* Lenke til kommentar
norbat Posted 7 August 2007

The log looks fine. You can fix the following line with HJT:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

If SpyNoMore is not a program you use, uninstall it. Keep SAS instead. How is the PC running?
Kristaafa (Author) Posted 10 August 2007

Thanks for the help. The PC seems OK now, but I can't find SpyNoMore anywhere. It's not something I installed either. I only find a directory with that name under Program Files/Common Files/Download Manager. The folder contains an .xml document called LMDOWNLOADINFO. There is no installed software with that name, either in the regular "Add and remove programs" or in CCleaner. Scary?
norbat Posted 10 August 2007

SpyNoMore used to have a somewhat bad reputation and was an antispyware program that was not recommended. If you didn't install it, it got in some other way. You can check whether you find it here, and if so delete it:

C:\Program Files\SpyNoMore

Also fix the O4 line using HJT:

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

You should reset the restore folder so that you don't get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.