Gå til innhold

[Løst]Hjelp til fjerning av malware


Anbefalte innlegg

Har visst fått en del malware på pcen... Har skannet med malwarebytes og den fant mye, mens microsoft security essentials sin skann ble avbrutt mot slutten...

 

Her er logg fra malwarebytes:

 

Malwarebytes' Anti-Malware 1.42

Databaseversjon: 3368

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

15.12.2009 22:22:32

mbam-log-2009-12-15 (22-22-32).txt

 

Skanntype: Rask Skann

Objekter skannet: 127807

Tid tilbakelagt: 13 minute(s), 31 second(s)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 1

Registernøkler infisert: 32

Registerverdier infisert: 5

Registerfiler infisert: 0

Mapper infisert: 23

Filer infisert: 71

 

Minneprosesser infisert:

C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.exe (Adware.Agent) -> Unloaded process successfully.

 

Minnemoduler infisert:

C:\Programfiler\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Programfiler\Internet Today (Adware.Agent) -> Delete on reboot.

C:\Programfiler\Internet Today\1.1.0.1260 (Adware.Agent) -> Delete on reboot.

C:\Programfiler\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Gameztar Toolbar\2.1.3.6670\mvb0.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\m.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\g.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\d.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\j.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\l.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\n.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\*****\Lokale innstillinger\temp\f.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.exe (Adware.Agent) -> Delete on reboot.

C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.

C:\Programfiler\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\WSOpx.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\ACEpx.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\CPApx.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Programfiler\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

 

 

 

Noen som vet noe om hva dette er/ hvor det kommer fra?

 

Ser at combofix holder på å oppdateres? Er det mulig å få tak i en fungerende versjon nå? Vet noen hvor lenge det er til combofix er i gang igjen?

Lenke til kommentar
Videoannonse
Annonse

Malwarebytes fant ingen flere filer.

Logg fra DDS:

 

 

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by ********* at 11:49:55,10 on 17.12.2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1278.681 [GMT 1:00]

 

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00D7-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00F0-0D24-347CA8A3377C}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\Logitech Vid\vid.exe

C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Opera\Opera.exe

C:\Documents and Settings\*********\Skrivebord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.startsiden.no/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.10.2.1:8080

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Logitech Vid] "c:\programfiler\logitech\logitech vid\vid.exe" -bootmode

mRun: [soundMAXPnP] c:\programfiler\analog devices\core\smax4pnp.exe

mRun: [iSUSScheduler] "c:\programfiler\fellesfiler\installshield\updateservice\issch.exe" -start

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [REGSHAVE] c:\programfiler\regshave\REGSHAVE.EXE /AUTORUN

mRun: [atwtusb] atwtusb.exe beta

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [LogitechQuickCamRibbon] "c:\programfiler\logitech\logitech webcam software\LWS.exe" /hide

mRun: [TkBellExe] "c:\programfiler\fellesfiler\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe"

mRun: [MSSE] "c:\programfiler\microsoft security essentials\msseces.exe" -hide

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\felles~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Picasa Media Detector] c:\programfiler\picasa2\PicasaMediaDetector.exe

StartupFolder: c:\docume~1\tomeft~1\start-~1\progra~1\oppstart\adobeg~1.lnk - c:\programfiler\fellesfiler\adobe\calibration\Adobe Gamma Loader.exe

IE: &MSN Search - c:\programfiler\msn toolbar suite\tb2.05.0000.1105\nb-no\msntb.dll/search.htm

IE: &Search

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programfiler\windows live\writer\WriterBrowserExtension.dll

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192183468

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programfiler\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

 

============= SERVICES / DRIVERS ===============

 

R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [2002-12-17 730880]

R1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2007-12-24 22272]

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-1-24 11776]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 EFUploadSrv;ExtraFilm upload service;c:\programfiler\extrafilm designer no\EFUploadSrv.exe [2009-7-9 1716224]

R2 WinDefend;Windows Defender;c:\programfiler\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [2002-12-9 26112]

S3 pcwe;pcwe;\??\c:\programfiler\pc wizard 2007\pcw86-32.sys --> c:\programfiler\pc wizard 2007\pcw86-32.sys [?]

 

=============== Created Last 30 ================

 

2009-12-15 21:43:40 0 d--h--r- c:\documents and settings\*********\Siste

2009-12-15 21:30:10 0 d-----w- c:\programfiler\Microsoft Security Essentials

2009-12-15 20:33:17 0 d-----w- c:\programfiler\Gameztar Toolbar

2009-12-15 20:33:01 0 dc----w- c:\docume~1\alluse~1\progra~1\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}

2009-12-07 19:11:37 0 d-----w- c:\docume~1\alluse~1\progra~1\hps

2009-12-07 19:03:20 1581704 ----a-w- c:\programfiler\setup_Elkjop_fotoservice.exe

2009-12-07 12:20:49 0 d-----w- c:\programfiler\ExtraFilm Designer NO

2009-12-01 11:05:27 0 d-----w- c:\docume~1\*****~1\progra~1\ExtraFilm

2009-12-01 11:05:05 0 d-----w- c:\docume~1\alluse~1\progra~1\ExtraFilm

2009-11-29 10:27:10 0 d-----w- C:\Games

2009-11-21 17:20:15 0 d-----w- c:\programfiler\StreamTorrent 1.0

 

==================== Find3M ====================

 

2009-12-09 17:38:18 463128 ----a-w- c:\windows\system32\perfh014.dat

2009-12-09 17:38:17 87824 ----a-w- c:\windows\system32\perfc014.dat

2009-12-07 21:30:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 14:38:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:38:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:41:14 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:41:14 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:41:14 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:41:14 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:38:24 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:38:24 270848 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:40:23 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40:23 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-12 13:40:23 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:40:23 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-09-20 18:03:25 499712 ----a-w- c:\windows\system32\msvcp71.dll

2008-07-07 19:16:24 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008070720080708\index.dat

 

============= FINISH: 11:51:29,53 ===============

 

 

 

Den rapporterer om at avira er opp og kjører, men det blei avinstallert, men muligens ikke fullt, etter at jeg installerte MSE. Har avira laget et sånt fjern-restene-program?

Endret av matematikern
Lenke til kommentar

Avinstaller eller slett c:\programfiler\Gameztar Toolbar

 

Last ned Hijackthis.

 

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.

 

---

Avira har ikke et avinstalleringsprogram, men derimot en registerrenser (kun på tysk) slik at man kan reinstallere avira og se om man ikke får avinstallert det ordentlig da. Nå trenger ikke du å installere det på nytt, men kjør gjerne registerrensen.

Lenke til kommentar

Hijackthis-logg:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17:24, on 17.12.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\Logitech Vid\vid.exe

C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSSE] "c:\Programfiler\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Logitech Vid] "C:\Programfiler\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137192183468

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Barn\Mathias\blåtann\bin\btwdins.exe (file missing)

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe

 

--

End of file - 11565 bytes

 

 

Lenke til kommentar

Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

 

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

 

Gå til legg til/fjern programmer og avinstaller alle gamle javaprogrammer (nyeste er update 17).

 

Etter en slik opprydding bør du nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting.

Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc, fjern merket igjen for å aktivere funksjonen.

Lenke til kommentar

Da var dette gjort!

 

Noe mer jeg bør gjøre? Ser at combofix er oppe og går igjen.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:34:13, on 20.12.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Programfiler\Microsoft Security Essentials\msseces.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\Logitech Vid\vid.exe

C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSSE] "c:\Programfiler\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Logitech Vid] "C:\Programfiler\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\npjpi160_17.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\npjpi160_17.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137192183468

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Barn\Mathias\blåtann\bin\btwdins.exe (file missing)

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Programfiler\ExtraFilm Designer NO\EFUploadSrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe

 

--

End of file - 11700 bytes

 

 

Lenke til kommentar

Noen som gidder å lese en "liten" logg fra hjt?

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:45, on 26.12.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\System32\jureg.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: ClearWalk - {ABFF69C5-6219-4068-AC0D-BC948488C29F} - (no file)

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe"

O4 - HKCU\..\Run: [38184428] C:\PROGRA~2\38184428\38184428.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET CLR 1.1.4322)" -"http://www.diddl.no/spill/blomst.htm"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: ClearWalk - {11761036-3A1D-4665-B45C-0859C6257862} - (no file)

O9 - Extra 'Tools' menuitem: ClearWalk - {11761036-3A1D-4665-B45C-0859C6257862} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUpldnb-no.cab

O16 - DPF: {FD60E04A-8F1B-4AC4-8F53-EC5124D610BA} - http://www.buypass.no/support/jnipcsc5/Jni...ate_5.2.0.0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E2228232-DA86-4F05-B258-6B00B8D456BA}: NameServer = 193.213.112.4 130.67.15.198

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

 

--

End of file - 9791 bytes

Lenke til kommentar

Bli med i samtalen

Du kan publisere innhold nå og registrere deg senere. Hvis du har en konto, logg inn nå for å poste med kontoen din.

Gjest
Skriv svar til emnet...

×   Du har limt inn tekst med formatering.   Lim inn uten formatering i stedet

  Du kan kun bruke opp til 75 smilefjes.

×   Lenken din har blitt bygget inn på siden automatisk.   Vis som en ordinær lenke i stedet

×   Tidligere tekst har blitt gjenopprettet.   Tøm tekstverktøy

×   Du kan ikke lime inn bilder direkte. Last opp eller legg inn bilder fra URL.

Laster...
  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...