Photobucket-virus fra MSN

[Larsaa]

Hei,

 

har også fått det beryktede viruset. Har kjørt MSNfix to ganger, her er loggene:

 

 

MSNFix 1.625

 

C:\MSNFix

Scan done at 12.01.2008 - 15:41:31,73 By Lars Aga

normal mode

 

************************ Checking Files

 

... C:\Autorun.inf

... C:\autorun.inf

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

 

************************ MSNCHK ***** /!\ beta test /!\

 

 

 

************************ Checking Folders

 

No Folders Found

 

 

 

 

************************ Deleting malware Files

 

.. OK ... C:\Autorun.inf

.. OK ... C:\autorun.inf

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

 

 

 

************************ Registry Cleaning

 

 

 

************************ Suspect Files

 

/!\ The detected files must be reviewed by a forum Helper before changes can be made

 

[C:\LimeWireWin.exe] A56F974CBFB4DC80FF89BAFEE8061921

[C:\SETUP.EXE] 77862663FE835DFD734726510F83D202

[C:\StubInstaller.exe] 90132B7FBF3B577479C72B13F9C55A2B

 

==> Please upload the file C:\DOCUME~1\LARSAG~1\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr

 

 

 

The File and Registry deletions have been saved in 2008-01-12_15460487.zip

 

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

 

Logg 2:

 

MSNFix 1.625

 

C:\MSNFix

Scan done at 12.01.2008 - 17:46:51,48 By Lars Aga

normal mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folders

 

No Folders Found

 

 

************************ Suspect Files

 

/!\ The detected files must be reviewed by a forum Helper before changes can be made

 

[C:\LimeWireWin.exe] A56F974CBFB4DC80FF89BAFEE8061921

[C:\StubInstaller.exe] 90132B7FBF3B577479C72B13F9C55A2B

 

==> Please upload the file C:\DOCUME~1\LARSAG~1\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr

 

 

 

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

Også er det den siste Combofix-loggen:

 

ComboFix 08-01-11.3 - Lars Aga 2008-01-12 18:03:08.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.683 [GMT 1:00]

Running from: C:\Documents and Settings\Lars Aga\Lokale innstillinger\Temporary Internet Files\Content.IE5\W2UFZZLW\ComboFix[1].exe

.

 

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 17:26 . 2008-01-12 17:27 <DIR> d-------- C:\Documents and Settings\Lars Aga\Programdata\PrevxCSI

2008-01-12 17:26 . 2008-01-12 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Prevx

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterTrust

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-01-12 16:37 . 2008-01-12 16:37 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-01-12 15:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 15:40 . 2008-01-12 17:58 <DIR> d-------- C:\MSNFix

2008-01-12 15:26 . 2008-01-12 16:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-01-12 15:26 . 2008-01-12 16:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-01-12 15:26 . 2008-01-12 17:01 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-01-12 15:26 . 2008-01-12 16:37 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Programfiler\Alwil Software

2008-01-10 14:28 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-01-10 14:27 . 2008-01-10 14:27 <DIR> d-------- C:\Programfiler\eRightSoft

2008-01-09 00:13 . 2008-01-09 00:13 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-01-09 00:11 . 2008-01-09 00:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-09 00:11 . 2008-01-09 00:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-01-09 00:09 . 2008-01-09 00:09 <DIR> d-------- C:\Programfiler\Sony

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 20:29 --------- d-----w C:\Programfiler\Championship Manager 01-02

2008-01-11 17:41 --------- d-----w C:\Programfiler\nordicbetMPP

2008-01-11 17:41 --------- d-----w C:\Documents and Settings\Lars Aga\Programdata\Microgaming

2008-01-08 23:08 --------- d-----w C:\Programfiler\Common Files

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-03 17:50 --------- d-----w C:\Programfiler\Bet24

2007-11-25 12:09 --------- d-----w C:\Documents and Settings\Lars Aga\Programdata\Apple Computer

2007-11-15 14:25 --------- d-----w C:\Programfiler\QuickTime

2007-11-15 14:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2007-11-15 14:23 --------- d-----w C:\Programfiler\Apple Software Update

2007-11-15 14:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 13:39 --------- d-----w C:\Programfiler\Java

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2006-04-17 10:18 8 -c-h--w C:\Programfiler\.drv120405.dat

2006-04-17 10:18 8 -c-h--w C:\Programfiler\.data211204.dat

2006-04-17 10:18 8 -c-h--w C:\Programfiler\.data211004.dat

2006-04-17 10:18 8 -c-h--w C:\Programfiler\.dat000001.dat

2006-04-17 10:18 8 -c-h--w C:\Documents and Settings\Lars Aga\Programdata\.drv190904.dat

2006-04-17 10:18 8 -c-h--w C:\Documents and Settings\Lars Aga\Programdata\.data001.dat

2006-04-17 10:18 8 -c-h--w C:\Documents and Settings\Lars Aga\Programdata\.app190905.dat

2006-04-17 10:18 8 -c-h--w C:\Documents and Settings\Lars Aga\Programdata\.addit001.dat

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_15.57.05.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-11-15 23:23:32 112,132 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-01-12 15:37:20 390,488 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-01-12 16:43:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Works Update Detection"="C:\Programfiler\Microsoft Works\WkDetect.exe" [2000-09-14 13:53 28739]

"WorksFUD"="" []

"Microsoft Works Portfolio"="C:\Programfiler\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]

"SoundMan"="SOUNDMAN.EXE" [2002-03-21 09:23 46592 C:\WINDOWS\SOUNDMAN.EXE]

"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2002-12-24 15:19 1196032]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"ppmate"="C:\Programfiler\PPMate\PPMate\ppmate.exe" [ ]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-14 23:22 35328]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]

Microsoft Works Calendar Reminders.lnk - C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe [2002-07-08 11:40:45]

P†minnelser for Microsoft Works Kalender.lnk - C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe [2002-07-08 11:40:45]

 

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 23:07]

R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-12-24 16:38]

S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2002-07-08 12:28]

S3 nvcoafl51;nvcoafl51;C:\NORMAN\nvc\BIN\nvcoafl51.sys []

S3 nvcoaft51;nvcoaft51;C:\NORMAN\nvc\BIN\nvcoaft51.sys []

S3 nvcoarc51;nvcoarc51;C:\NORMAN\nvc\BIN\nvcoarc51.sys []

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 21:51]

S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]

S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-15 14:23:57 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 18:09:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\NORMAN\nvc\BIN\NormanPF.DLL

-> C:\NORMAN\nvc\BIN\OSOCKMGR.DLL

-> C:\NORMAN\nvc\BIN\ORULEMGR.DLL

-> C:\NORMAN\nvc\BIN\OACTNMGR.DLL

.

Completion time: 2008-01-12 18:10:51

ComboFix-quarantined-files.txt 2008-01-12 17:10:21

ComboFix2.txt 2008-01-12 16:01:36

ComboFix3.txt 2008-01-12 14:58:08

.

2008-01-10 00:51:38 --- E O F ---

[norbat]

Loggen ser grei ut.

 

Kunne du også ha postet en hjt-logg?

 

Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.

[Larsaa]

Hjt-logg:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:50, on 12.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ahead\InCD\InCD.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\CyberDefender\AntiSpyware\cdas3.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programfiler\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ppmate] C:\Programfiler\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Programfiler\CyberDefender\AntiSpyware\ISSIntro.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Programfiler\CyberDefender\AntiSpyware\cdas3.exe" /minimize

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Påminnelser for Microsoft Works Kalender.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programfiler\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

 

--

End of file - 7135 bytes

[norbat]

Ser greit ut.

 

Du kan fix følgende linje med hjt (sett merke framfor linja og klikk Fix checked)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

 

Du bør vurdere å oppdatere til IE 7.

 

Nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting.

Kontrollpanel->system->systemgjenoppretting .

Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc,

jern merket igjen for å aktivere funksjonen.