DeHawk89 Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Har fåt virus å pcn med uønskede pop-ups og trenger hjelp til å fjerne det Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:07:40, on 23.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PRISMSVC.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\system32\WF2K.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Steam\Steam.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Online Add-on\isfmntr.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Online Add-on\isfmm.exe C:\Program Files\Online Add-on\icmntr.exe C:\Program Files\Online Add-on\icthis.exe C:\Program Files\Grisoft\AVG7\avgwb.dat C:\Program Files\Opera\Opera.exe c:\program files\winamp toolbar\WinampTbServer.exe C:\Program Files\Seekmo\bin\10.0.314.0\Srv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file) O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file) O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201099696.dll O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner\tvprunner.exe O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing) O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE -- End of file - 9203 bytes Lenke til kommentar
norbat Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Du har en del rammel, så for å rydde litt, følger du langversjonen i denne posten: https://www.diskusjon.no/index.php?showtopic=691246 Loggene det spørres etter, legger du her i din egen tråd Lenke til kommentar
r2d290 Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 (endret) Ja, her var det nok en god del å ta tak i! (Og siden jeg er ganske ny i denne leken, anbefaler jeg deg å ikke gjøre noe uten å få det bekreftet av andre) Bruk hijack this, sett hake forran følgende navn, og trykk fix: O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file) O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file) O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file) O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe" O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing) O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing) Dette var virkelig noe av det værste jeg har sett (den siste måneden), men husk å ikke gjøre noe før det er blitt bekreftet!!! edit: følg beskjeden til norbat du Endret 23. januar 2008 av r2d290 Lenke til kommentar
Programvare Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Ja, her var det nok en god del å ta tak i! (Og siden jeg er ganske ny i denne leken, anbefaler jeg deg å ikke gjøre noe uten å få det bekreftet av andre) Bruk hijack this, sett hake forran følgende navn, og trykk fix: O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: {4c8ce469-3704-6d1b-2ce4-d551397e7b55} - {55b7e793-155d-4ec2-b1d6-4073964ec8c4} - (no file) O2 - BHO: (no name) - {67A5715D-2C83-452A-923F-274AFE1F4B57} - (no file) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file) O2 - BHO: (no name) - {8E2B64D9-B406-4E2B-8927-A0B3B82DD860} - (no file) O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.314.0\HostIE.dll O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll O4 - HKLM\..\Run: [seekmoOE] C:\Program Files\Seekmo\bin\10.0.314.0\OEAddOn.exe O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe" O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: khfgecb - khfgecb.dll (file missing) O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing) Dette var virkelig noe av det værste jeg har sett (den siste måneden), men husk å ikke gjøre noe før det er blitt bekreftet!!! edit: følg beskjeden til norbat du Det var også noe av det verste jeg har sett de siste månedene. Fy søren, lenge siden formatering? Lenke til kommentar
norbat Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Du må ikke bli skremt av slike logger, Vintermåne. Man bretter bare opp ermene og gyver løs Lenke til kommentar
Programvare Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 That's the spirit Lenke til kommentar
DeHawk89 Skrevet 23. januar 2008 Forfatter Rapporter Del Skrevet 23. januar 2008 takk til ale sammen, ja vintermåne det er ca et år siden siste formatering:O Lenke til kommentar
Programvare Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Hvis du vil ha en helt fresh start igjen på en måte, så kan du jo vurdere det. Jeg pleier å formatere ca. hvert år. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå