No14 Posted 16 August 2008
A program called antivirus xp has been added to my PC. I can't remove it. It causes lots of pop-ups and the machine restarts itself. How do I get rid of this crap? Thanks for any answers!
No14 (Author) Posted 16 August 2008
Sorry, didn't read the sticky.
r2d290 Posted 16 August 2008
Yes, follow the sticky, and post the logs here.
No14 (Author) Posted 17 August 2008
Log from SAS:

HJT log:

Combofix hung every time I tried it. Don't know why??
r2d290 Posted 17 August 2008
Looks like SUPERAntiSpyware removed most of it. But I would like to have a Combofix log (or something similar) to be sure...

STEP 1: Uninstall Combofix: Click the Start menu, then "Run". Type: combofix /u

STEP 2: Download Combofix again and see if it works then. Remember to put Combofix on the Desktop...

STEP 3: If this doesn't work either, we'll try a Deckard log: Get Deckard and put it on the desktop. Run dss.exe and follow the instructions. When the scan is finished, a log (main.txt) opens, which you copy and paste into your next post.
No14 (Author) Posted 17 August 2008
Combofix still doesn't work.. Couldn't find the page for Deckard. Clearly not everything is gone, still quite a few pop-ups and crap.
norbat Posted 17 August 2008
Get Deckard here: http://deckard.geekstogo.com/dss.exe
No14 (Author) Posted 18 August 2008
Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites. 08/17/2008
norbat Posted 18 August 2008
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Choose Norwegian as the language.
Let the program update itself and choose to run a 'quick system scan', then click Scan.
A message box appears saying the scan is finished; click OK.
Click the Show Results button. If malware was found, you will now see what was found.
Then click the Remove Selected button to remove any malware that was found.
A log will then open in Notepad. You can copy and post it.