DeHawk89, posted 23 January 2008

I've got a virus on my PC with unwanted pop-ups and need help removing it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:40, on 23.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Online Add-on\isfmntr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\icmntr.exe
C:\Program Files\Online Add-on\icthis.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Opera\Opera.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Seekmo\bin\10.0.314.0\Srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file)
O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201099696.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe
O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner\tvprunner.exe
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

--
End of file - 9203 bytes

norbat, posted 23 January 2008

You have quite a bit of junk, so to clean up a little, follow the long version in this post: https://www.diskusjon.no/index.php?showtopic=691246
Post the logs it asks for here in your own thread.

r2d290, posted 23 January 2008 (edited)

Yes, there's certainly a good deal to deal with here! (And since I'm fairly new to this game, I recommend that you don't do anything without having it confirmed by others.)

Use HijackThis, tick the box in front of the following entries, and press Fix:

O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file)
O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll
O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe
O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)

This really was some of the worst I've seen (in the past month), but remember not to do anything until it has been confirmed!!!

edit: just follow norbat's instructions

Edited 23 January 2008 by r2d290

Programvare, posted 23 January 2008

> Yes, there's certainly a good deal to deal with here! (And since I'm fairly new to this game, I recommend that you don't do anything without having it confirmed by others.)
>
> Use HijackThis, tick the box in front of the following entries, and press Fix:
>
> O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
> O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
> O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file)
> O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file)
> O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
> O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file)
> O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program
> O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program
> O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll
> O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll
> O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe
> O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
> O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
> O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
> O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
> O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
> O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
> O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
> O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
> O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
> O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing)
> O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
>
> This really was some of the worst I've seen (in the past month), but remember not to do anything until it has been confirmed!!!
>
> edit: just follow norbat's instructions

That was also some of the worst I've seen in recent months. Good grief, been a long time since you formatted?

norbat, posted 23 January 2008

Don't let logs like this scare you, Vintermåne. You just roll up your sleeves and get stuck in.

Programvare, posted 23 January 2008

That's the spirit

DeHawk89 (author), posted 23 January 2008

Thanks to all of you. Yes, Vintermåne, it's been about a year since the last format :O

Programvare, posted 23 January 2008

If you want a completely fresh start again, in a way, you could consider it. I usually format about once a year.