Gå til innhold

Virus alert! hvordan få bort?


Anbefalte innlegg

Tror jeg har spurt om dette før, men husker ikke hvordan jeg fikk det bort sist.

Jeg surfet rundt på nettet, plutselig dukket det opp et tegn nede på verktøylinjen.

Det er et tegn som skifter mellom disse: Uten_navn.bmp

Denne kommer også opp samtidig: Uten_navn2.bmp

Pluss at når jeg skal starte Ad-Aware så søker den, etter 30sec kommer det opp at explorer.exe ikke svarer, og så kan jeg velge send eller ikke send rapport, hvis jeg bare lar det være, restarter maskinen uten forvarsel.

 

Hjelp mottas med takk

Lenke til kommentar
Videoannonse
Annonse

Ah, en liten Smitfraudinfeksjon (variant Spyfalcon, sannsynligvis). Medisinen finner du her:

http://siri.geekstogo.com/SmitfraudFix.php

 

Du kan like gjerne kjøre alternativ 2 (clean) med det samme, da diagnosen er entydig.. Husk at den må kjøres i safe mode.

 

Etterpå legger du ut en logg fra HijackThis (du finner'n f eks hos www.merijn.org), "do a scan and save a log", i tilfelle det skulle være mer grums.

 

Bernt K

Lenke til kommentar

Pc'en restarter fortsann når jeg kjører Ad-Aware.

 

Men her er HiJackThis-loggenSkjult tekst: (Marker innholdet i feltet for å se teksten):

Logfile of HijackThis v1.99.1

Scan saved at 14:13:29, on 15.08.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

C:\Programfiler\ClamWin\bin\ClamTray.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

C:\WINDOWS\system32\85190b72.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

C:\Programfiler\HACE\Mmm\Mmm.exe

C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe

C:\PROGRA~1\SCURIT~1\msiexec.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll

O2 - BHO: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [85190b72.exe] C:\WINDOWS\system32\85190b72.exe

O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt yazr

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\scanregw.dll

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing)

O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll

O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Lenke til kommentar

Ikke bare en Smitfraudsak, plukk ned og bruk cwshredder (du finner den hos Trend, bruk google).

Og så tror jeg nesten du bør slå til med Ewido kjørt i safe mode. Setup går fram av sida.

Denne:

C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe

bruker du Killbox på, ta hele mappa c:\..\..\?racle\

 

Vi skal også prøve L2Mfix, da jeg synes en 020-sak minner om det: Prøv denne framgangsmåten:

http://www.computing.net/security/wwwboard/forum/17828.html, kjør bare alt 1, og legg ut loggen.

 

Etterpå ser vi gjerne en blodfersk HJTlogg.

 

Jeg regner med at det vil fortsatt være igjen noe snusk, men vi får se.

 

Bernt K

Lenke til kommentar
  • 2 uker senere...

Har ikke hatt tid til å sjekke med ewido før nå, men her har du en logg Skjult tekst: (Marker innholdet i feltet for å se teksten):

Logfile of HijackThis v1.99.1

Scan saved at 16:01:42, on 28.08.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

C:\Programfiler\ClamWin\bin\ClamTray.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

C:\Programfiler\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

C:\Programfiler\HACE\Mmm\Mmm.exe

E:\spill\steam\steam.exe

C:\PROGRA~1\SCURIT~1\msiexec.exe

C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\?dobe\?hkntfs.exe

C:\FRAPS\FRAPS.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.047\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll

O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe

O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: wbsys.dll

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing)

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing)

O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)

O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Lenke til kommentar

Velvel, har du kjørt Ewido i safe mode? Loggen derfra ville være kjekt. Det ser ut som SmitFraudvarianten og L2M nå er uskadeliggjort.

 

Søren heller; denne:

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

ER en CWvariant. Det er mer enda.

Alle disse:

R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll

O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing)

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

 

er bæsj. Jeg antar det ikke vil hjelpe å "fixe" dem med HJT, så:

 

Jeg ser at ?racle har mutert til ?dobe i

C:\Programfiler\?dobe\?hkntfs.exe

 

Unnskyld ropinga: HENT DEG ET AVprogram! Avast! og AVG er gode og gratis. Ewido strekker ikke til.

 

Her må du til med AVprogram i safe mode, spysweeper (trialversjon), Panda Activescan, Trend Housecall, ccleaner gjentatte ganger.

Kjør disse, ccleaner nok en gang, Panda en gang til, og legg ut Pandaloggen med en fersk HJTlogg.

 

Bernt K /(Sorry, jeg er litt presset på tid...)

Lenke til kommentar
  • 4 måneder senere...

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...