Sjekk loggen min :)

[1915]

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:32:14, on 12.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

C:\progra~1\valve\steam\steam.exe

C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\uTorrent\utorrent.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [imekrmig7.0] "C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"

O4 - HKLM\..\Run: [iMSCMig] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync

O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync

O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

O4 - HKLM\..\Run: [vc log bows face] C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\tool proxy.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

O4 - HKCU\..\Run: [steam] "c:\progra~1\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [iso Admin] C:\DOCUME~1\ADMINI~1\PROGRA~1\MAGSUP~1\coal cash.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{39B1E8C7-69D8-4E72-A4A6-4E894673F7EC}: NameServer = 10.0.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7048 bytes

 

noe umskheter jeg kan fjerne eller ?

[norbat]

Hent NoLop.exe, legg det på skrivebordet.

Kjør programmet. Trykk "Search and Destroy"-knappen. Hvis den finner noe, bli du bedt om å trykke på Reboot-knappen.

 

 

Fix disse linjene med HJT:

 

O4 - HKLM\..\Run: [vc log bows face] C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\tool proxy.exe

O4 - HKCU\..\Run: [iso Admin] C:\DOCUME~1\ADMINI~1\PROGRA~1\MAGSUP~1\coal cash.exe

 

 

Bruk utforsker til å finne og slett (hvis tilstede) følgende mapper (i fet):

C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log

C:\DOCUME~1\ADMINI~1\PROGRA~1\MAGSUP~1 (~1=forkortelse. Finn ei mappe som starter med MAG.. og som inneholder ei fil med navn coal cash.exe)

[1915]

edit: har fjernet windows og lagt inn linux jeg

Endret 19. oktober 2007 av 1915