Stimon02, posted 10 September 2007 (edited)

Hi. Can anyone help me? The PC is very slow and behaving strangely. Here is hijackthis.log

Regards, Jan-Roald

Edited 10 September 2007 by Stimon02

norbat, posted 10 September 2007

Combofix may be able to tell us more:

Download Combofix and put it on the desktop
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt)

Stimon02 (author), posted 10 September 2007

Here is the Combofix log.

I hope it is of help.

Svenni212000 Skrevet 10. september 2007 Del Skrevet 10. september 2007 For å starte, kan du avinstallere Norton skikkelig. Jeg antar du vil ta i bruk NOD32? Du finner en veldig fin guide på hvordan du avinstallerer Norton her på HW.no, http://www.hardware.no/guider/programvare/...stalleres/35615 Det er også en del unødvendige prosesser som ikke trenger å starte sammen med Windows. Disse bare ligger i bakgrunnet og gjør stort sett ikke annet enn å bruke systemressurser. Du kan Deaktivere disse ved eksempelvis å bruke en gratis startup manager, som Startup Tuner 2 Her er eksempler på prosesser du kan deaktivere fra å starte sammen med Windows: Klikk for å se/fjerne innholdet nedenfor C:\Program Files\DU Meter\DUMeter.exeO4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe - C:\WINDOWS\SOUNDMAN.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE - C:\Program Files\DAEMON Tools\daemon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"-lang 1033 - C:\PROGRA~1\INCRED~1\bin\IMApp.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c - O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Når det gjelder Sweet IM, blir dette programmet katorisert som Spyware/Adware hos flere levrandører av sikkerhetsprogrammer. Vet ikke om programemt gjør store skaden, men den bruker ekstra med systemressurser. Med god tro og gode sko kan man gå til månen, slik er det med mange av tweake programmene. Jeg ser du har tatt i bruk et tweake program, og må nevne at ganske mange av disse (ikke alle) faktisk talt har motsatt effekt på maskinen enn hva som blir lovet. Du kan følge punktene under, for å rydde og optimalisere litt på din PC. NB: Ta deg god tid om du utfører disse punktene, det kan fort gå noen timer. 
~ Uninstall programs you do not need
~ Make sure you are using new, original drivers
~ Download all updates from Windows Update
~ Disable unnecessary processes from Windows startup
~ Run a full scan with two new and updated antispyware programs
~ Run a full scan with a new and updated antivirus program.
~ (Not necessary, but can be an advantage) Run a full scan with an online scanner such as Housecall
~ Remove unnecessary junk files from the PC
~ Remove useless entries in the Windows registry.

By clicking the link below, you can download a package of good programs that may come in handy.
http://www.megaupload.com/?d=6QYA5ZG1
The password is: chun$NUru2h*xadr#Yatracruzuna_ucr$kug-stem

norbat, posted 10 September 2007

Download Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix, choose option 2.
Post the log from Smitfraudfix (C:\rapport.txt) + a new HJT log. Also tell us how the PC is running.

Stimon02 (author), posted 10 September 2007

First I must say thanks for the help so far. Here is the Smitfraudfix log.

SmitFraudFix v2.221
Scan done at 22:59:41,23, 10.09.2007
Run from C:\Documents and Settings\Stimon\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{73F49686-6F4B-476D-BEFC-E94E2A1CAF04}: DhcpNameServer=193.216.1.13 193.216.69.13
HKLM\SYSTEM\CS1\Services\Tcpip\..\{73F49686-6F4B-476D-BEFC-E94E2A1CAF04}: DhcpNameServer=193.216.1.13 193.216.69.13
HKLM\SYSTEM\CS2\Services\Tcpip\..\{73F49686-6F4B-476D-BEFC-E94E2A1CAF04}: DhcpNameServer=193.216.1.13 193.216.69.13
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.216.1.13 193.216.69.13
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.216.1.13 193.216.69.13
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.216.1.13 193.216.69.13

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:56, on 10.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\DLink\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84CC0349-038F-4DEC-B935-1C3DC70EFF93} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: &Last ned alle med FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Last ned med FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yallaman.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182182297078
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182182250937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12613 bytes

norbat, posted 10 September 2007

How is the PC running?

Stimon02 (author), posted 10 September 2007 (edited)

I forgot to write that it feels faster. But when I run a full scan with Spyware Terminator, the machine is brought completely to its knees on a file called BKLL.DLL and it locks up entirely. The only thing that helps is pressing the "Swedish button" (Reset).

Edited 10 September 2007 by Stimon02

norbat, posted 10 September 2007

OK, you can try running ST from safe mode, but I know rather little about this program, so if you are going to run an antispyware program, I recommend that you download the free version of SAS.

Stimon02 (author), posted 10 September 2007

I'll try running SF now. If it hangs again, I'll try the SAS program.

Stimon02 (author), posted 10 September 2007

The machine went to its knees again during SF. I have installed SAS and it is running at full speed now. More info coming soon..

Stimon02 (author), posted 11 September 2007 (edited)

After SAS ran a scan on the PC last night, it found 2 things, which I put in quarantine. The 2 things were Adware.tracking.cookie and something called Adware.WhenU. Here is the SAS log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2007 at 02:07 AM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 02:01:28

Memory items scanned : 483
Memory threats detected : 0
Registry items scanned : 7110
Registry threats detected : 0
File items scanned : 54326
File threats detected : 109

Adware.Tracking Cookie

Adware.WhenU
C:\PROGRAM FILES\DAEMONTOOLS_WHENUSAVE_INSTALLER\DAEMONTOOLS_WHENUSAVE_INSTALLER.EXE

Is there anything more I should do??

Edited 11 September 2007 by Stimon02

norbat, posted 11 September 2007

The logs look fine. As an extra check, you can either run a full scan with your AV program (update it first) or alternatively run an online scanner, e.g. Housecall (use IE).

Stimon02 (author), posted 11 September 2007

I'll run a scan on the PC tonight. Thanks for all the help I have received.

norbat, posted 11 September 2007

You're welcome.

You should reset the restore folder so that you don't get infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.