vaagnes

vaagnes's activity

  1. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    Is BitTorrent a scary program when it comes to spyware and the like?
    • 0
  2. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    Here is the XP HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33, on 2007-12-31
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe
    C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
    C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Programfiler\McAfee.com\Agent\mcagent.exe
    C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe
    C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Programfiler\DNA\btdna.exe
    C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Programfiler\McAfee\MPF\MPFSrv.exe
    C:\Programfiler\McAfee\MSK\MskSrver.exe
    C:\Programfiler\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programfiler\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Programfiler\internet explorer\iexplore.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
    O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinCinemaMgr] C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe
    O4 - HKLM\..\Run: [Home Theater SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197051377453
    O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Application Installer Cleanup (0038721199016975) (0038721199016975mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003872~1.EXE
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6253\SAService.exe

    --
    End of file - 8244 bytes
    • 0
  3. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:52, on 2007-12-29
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
    O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - cmd.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6896 bytes
    • 0
  4. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    Neither the Vista nor the XP machine has any pop-ups now. I could not post the ComboFix log from the Vista machine, because it does not appear after I have run ComboFix. Something is causing trouble for ComboFix: an "out of memory" message comes up, along with one saying that an administrator must give approval for it to run. After I press Enter it runs anyway, but when it is finished it cannot restart the machine, which I have to do manually, and the log does not come up.

    I was thinking of running SAS on the Vista machine as well; I will do that later today. I do not notice anything of the virus on either of them, but that does not necessarily mean that I am rid of it.
    • 0
  5. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    Here is the log from when I ran SAS:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/30/2007 at 02:59 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3370
    Trace Rules Database Version: 1365

    Scan type : Complete Scan
    Total Scan Time : 01:02:04

    Memory items scanned : 542
    Memory threats detected : 0
    Registry items scanned : 6766
    Registry threats detected : 5
    File items scanned : 87074
    File threats detected : 37

    Adware.Tracking Cookie
    C:\Documents and Settings\Eier\Cookies\eier@questionmarket[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@videoegg.adbureau[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@mediaplex[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@ad.yieldmanager[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@2o7[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@adrevolver[3].txt
    C:\Documents and Settings\Eier\Cookies\eier@adrevolver[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@atdmt[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@bs.serving-sys[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@cgi-bin[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@specificclick[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@statse.webtrendslive[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@rocku.adbureau[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@ads.us.e-planning[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@tribalfusion[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@track.adform[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@date.ventivmedia[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@serving-sys[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@adtech[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@indextools[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@1064234106[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@ads.adbrite[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@affiliates.chichiclicks[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@tripod[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@ads.vg.basefarm[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@findexa.adbureau[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@premiumtv.122.2o7[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@media.adrevolver[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@advertising[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@doubleclick[2].txt
    C:\Documents and Settings\Eier\Cookies\eier@ehg-ati.hitbox[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@statcounter[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@ads.no.webdeal[1].txt
    C:\Documents and Settings\Eier\Cookies\eier@adbrite[2].txt

    Malware.LocusSoftware Inc/PCPrivacyTool
    HKLM\Software\Purchased Products
    HKLM\Software\Purchased Products\System Error Repair
    HKLM\Software\Purchased Products\System Error Repair#domain
    HKLM\Software\Purchased Products\System Error Repair#pname
    HKLM\Software\Purchased Products\System Error Repair#cname
    • 0
  6. vaagnes added a post in the topic Help! Have been infected by minnesparere.com

    ComboFix 07-12-29.5 - Administrator 2007-12-29 17:56:45.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.804 [GMT 1:00]
    Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Eier\Programdata\systemerrorrepairinstallfull_no[1].exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
    .

    2007-12-29 17:53 . 2004-01-01 17:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
    2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
    2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
    2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
    2007-12-29 17:53 . 2004-01-01 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec
    2007-12-29 17:53 . 2004-01-01 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Sonic
    2007-12-29 17:53 . 2004-01-01 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SampleView
    2007-12-29 17:53 . 2004-01-01 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterTrust
    2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
    2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
    2007-12-29 17:53 . 2007-11-14 04:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
    2007-12-29 17:53 . 2007-12-29 17:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
    2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
    2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
    2007-12-29 15:49 . 2007-12-29 15:49 <DIR> d-------- C:\Programfiler\Lavasoft
    2007-12-29 15:49 . 2007-12-29 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
    2007-12-29 15:48 . 2007-12-29 15:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
    2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\minnesparere
    2007-12-28 19:33 . 2007-12-28 19:33 <DIR> d-------- C:\Programfiler\Fellesfiler\MinneSparere
    2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Programfiler\SiteAdvisor
    2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\LocalService\Skrivebord
    2007-12-28 19:30 . 2007-12-29 14:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\SiteAdvisor
    2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\SiteAdvisor
    2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SiteAdvisor
    2007-12-28 19:30 . 2007-12-29 17:51 8,821 --a------ C:\WINDOWS\system32\Config.MPF
    2007-12-28 19:29 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2007-12-28 19:27 . 2007-12-28 19:27 <DIR> d-------- C:\Programfiler\McAfee.com
    2007-12-28 19:27 . 2007-12-28 19:27 <DIR> d-------- C:\Programfiler\Fellesfiler\McAfee
    2007-12-28 19:27 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2007-12-28 19:27 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-12-28 19:27 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2007-12-28 19:27 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2007-12-28 19:27 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2007-12-28 19:27 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2007-12-28 19:26 . 2007-12-28 19:29 <DIR> d-------- C:\Programfiler\McAfee
    2007-12-28 19:20 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\McAfee
    2007-12-25 13:32 . 2007-12-25 20:31 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\BitTorrent
    2007-12-25 13:31 . 2007-12-25 13:31 <DIR> d-------- C:\Programfiler\DNA
    2007-12-25 13:31 . 2007-12-25 13:31 <DIR> d-------- C:\Programfiler\BitTorrent
    2007-12-25 13:31 . 2007-12-29 17:51 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\DNA
    2007-12-24 13:18 . 2007-12-24 22:34 <DIR> d-------- C:\Documents and Settings\Eier\Shared
    2007-12-24 13:18 . 2007-12-25 03:01 <DIR> d-------- C:\Documents and Settings\Eier\Incomplete
    2007-12-24 13:17 . 2007-12-24 13:17 <DIR> d-------- C:\Programfiler\LimeWire
    2007-12-24 13:17 . 2007-12-24 22:37 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\LimeWire
    2007-12-23 23:19 . 2007-12-25 18:40 23 --a------ C:\WINDOWS\BlendSettings.ini
    2007-12-23 21:55 . 2007-12-23 21:55 <DIR> d-------- C:\Programfiler\Bethesda Softworks
    2007-12-23 21:40 . 2007-12-23 21:40 <DIR> dr-h----- C:\Documents and Settings\Eier\Programdata\SecuROM
    2007-12-23 21:40 . 2007-12-23 21:40 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-23 21:32 . 2007-12-29 17:51 30,888 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx
    2007-12-23 21:32 . 2007-12-29 17:51 30,888 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx
    2007-12-23 21:32 . 2007-12-29 17:51 29,952 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx
    2007-12-23 21:32 . 2007-12-29 17:51 29,952 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx
    2007-12-23 21:32 . 2007-12-29 17:51 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx
    2007-12-23 21:32 . 2007-12-29 17:51 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2007-12-23 21:32 . 2007-12-29 17:51 1,080 --a------ C:\WINDOWS\system32\settings.sfm
    2007-12-23 21:31 . 2007-12-23 21:33 <DIR> d-------- C:\WINDOWS\system32\Defaults
    2007-12-23 21:31 . 2007-12-29 17:51 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20051102}.CDF
    2007-12-23 21:31 . 2007-12-29 17:51 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20051102}.BAK
    2007-12-23 21:31 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
    2007-12-23 21:30 . 2007-12-23 21:30 <DIR> d-------- C:\WINDOWS\system32\Data
    2007-12-23 21:30 . 2007-12-23 21:30 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-12-23 21:30 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
    2007-12-23 21:30 . 2007-12-23 21:30 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-12-23 21:30 . 2006-08-11 14:57 11,776 --a------ C:\WINDOWS\INRES.DLL
    2007-12-23 21:30 . 2006-08-11 14:55 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
    2007-12-23 21:30 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
    2007-12-23 21:30 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
    2007-12-23 21:16 . 2007-12-23 21:16 <DIR> d-------- C:\WINDOWS\system32\nb-NO
    2007-12-23 21:16 . 2007-12-23 21:16 <DIR> d-------- C:\Programfiler\MSXML 6.0
    2007-12-23 21:14 . 2007-12-23 21:14 <DIR> d-------- C:\Programfiler\MSBuild
    2007-12-23 21:12 . 2007-12-23 21:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-12-23 21:12 . 2007-12-23 21:12 <DIR> d-------- C:\Programfiler\Reference Assemblies
    2007-12-23 21:11 . 2007-12-23 21:11 <DIR> d-------- C:\d1e431d2584a48885ccf
    2007-12-23 21:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-12-23 20:46 . 2007-12-23 20:46 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
    2007-12-23 20:46 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-23 20:46 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-23 20:46 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-23 20:45 . 2007-12-23 20:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-12-23 20:45 . 2007-12-23 20:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-12-23 20:31 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-12-23 20:31 . 2007-11-07 04:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
    2007-12-23 20:31 . 2007-11-07 04:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax
    2007-12-23 20:31 . 2005-12-02 23:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod
    2007-12-23 20:30 . 2007-12-23 20:33 <DIR> d-------- C:\Programfiler\ATI Technologies
    2007-12-19 12:43 . 2007-12-19 12:43 <DIR> d-------- C:\Programfiler\Hothouse Creations
    2007-12-16 17:54 . 2007-12-16 17:54 <DIR> d-------- C:\Programfiler\Google
    2007-12-16 11:38 . 2007-12-16 18:25 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Ahead
    2007-12-16 11:36 . 2003-12-11 13:34 1,318,912 --------- C:\WINDOWS\UNNMP.exe
    2007-12-16 11:36 . 2003-12-31 09:24 50,523 --------- C:\WINDOWS\UNNMP.cfg
    2007-12-16 11:35 . 2001-07-09 12:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
    2007-12-16 11:34 . 2003-12-11 13:34 1,318,912 --------- C:\WINDOWS\UNNeroVision.exe
    2007-12-16 11:34 . 2003-12-31 09:24 105,105 --------- C:\WINDOWS\UNNeroVision.cfg
    2007-12-16 11:34 . 2001-03-08 18:30 24,064 -ra------ C:\WINDOWS\system32\msxml3a.dll
    2007-12-16 11:33 . 2007-12-16 11:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
    2007-12-16 11:33 . 2007-12-16 11:36 <DIR> d-------- C:\Programfiler\Ahead
    2007-12-16 11:33 . 2007-12-16 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead
    2007-12-16 11:33 . 2001-07-06 15:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
    2007-12-16 11:33 . 2001-07-06 13:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-23 20:54 --------- d--h--w C:\Programfiler\InstallShield Installation Information
    2007-12-23 20:31 --------- d-----w C:\Programfiler\Creative
    2007-12-23 19:32 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
    2007-12-23 14:44 --------- d-----w C:\Documents and Settings\Eier\Programdata\Canon
    2007-12-16 16:55 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
    2007-12-09 19:03 --------- d-----w C:\Programfiler\Snapshot Viewer
    2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-11-24 10:11 --------- d-----w C:\Programfiler\Brother's Keeper 6
    2007-11-20 20:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\SBT
    2007-11-20 19:51 --------- d-----w C:\Programfiler\microsoft frontpage
    2007-11-20 19:48 --------- d-----w C:\Documents and Settings\Eier\Programdata\Microsoft Web Folders
    2007-11-18 22:27 --------- d-----w C:\Programfiler\MSXML 4.0
    2007-11-18 15:20 --------- d-----w C:\Documents and Settings\Eier\Programdata\Arcsoft
    2007-11-14 03:38 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
    2007-11-13 21:58 --------- d-----w C:\Programfiler\NewSoft
    2007-11-13 21:58 --------- d-----w C:\Programfiler\Canon
    2007-11-13 21:58 --------- d-----w C:\Documents and Settings\Eier\Programdata\NewSoft
    2007-11-13 21:57 --------- d-----w C:\Programfiler\ScanSoft
    2007-11-13 21:57 --------- d-----w C:\Programfiler\Fellesfiler\ScanSoft Shared
    2007-11-13 21:57 --------- d-----w C:\Documents and Settings\Eier\Programdata\ScanSoft
    2007-11-13 21:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\SSScanWizard
    2007-11-13 21:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\SSScanAppDataDir
    2007-11-13 21:56 --------- d-----w C:\Programfiler\ArcSoft
    2007-11-13 20:47 --------- d-----w C:\Programfiler\Java
    2007-11-13 20:34 --------- d-----w C:\Programfiler\Alwil Software
    2007-11-13 19:48 3,794 --sha-r C:\WINDOWS\system32\drivers\HP_PC008A-ABN t570.no_YW_Pavi_QCZB422_E42NOheBLF3_4_IOxford_SASUSTeK Computer INC._V1.xx_B3.28_T040827_WXH1_L414_M1024_J320_7Intel_8Pentium 4_93,2_1104C8023_N10EC8139_P_Z14F12F00_K_A_U808624D2_G_O_D.MRK
    2007-11-13 19:46 --------- d-----w C:\Programfiler\InterVideo
    2007-11-13 19:45 --------- d-----w C:\Programfiler\Multimedia Card Reader
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow!"="" []
    "RemoteCenter"="C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35]
    "BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-25 13:31]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
    "HPHUPD05"="c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:19]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
    "UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
    "WinCinemaMgr"="C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe" [2003-09-16 17:01]
    "Home Theater SchSvr"="C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2003-11-24 17:40]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
    "VTTimer"="VTTimer.exe" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
    "Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 11:17]
    "Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
    "SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57]
    "cookw"="C:\PROGRA~1\FELLES~1\MINNES~1\cookw.exe" [2007-08-15 11:09]

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
    Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-13 23:04:18]
    HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
    Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 11:42]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-05-09 10:16]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-04-28 22:33]
    S2 0038611198866456mcinstcleanup;McAfee Application Installer Cleanup (0038611198866456);C:\DOCUME~1\Eier\LOKALE~1\Temp\003861~1.EXE C:\PROGRA~1\FELLES~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-28 18:27:25 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2007-12-28 18:27:24 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 18:00:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-29 18:01:37 - machine was rebooted [Eier]
    .
    2007-12-22 01:46:06 --- E O F ---
    • 0
  7. vaagnes added a post in a topic Help! Have been infected by minnesparere.com   

    I have also gotten this on my other machine! Here is its log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04, on 2007-12-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Programfiler\McAfee\MPF\MPFSrv.exe
    C:\Programfiler\McAfee\MSK\MskSrver.exe
    C:\Programfiler\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
    C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe
    C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
    C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
    C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Programfiler\DNA\btdna.exe
    C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
    O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinCinemaMgr] C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe
    O4 - HKLM\..\Run: [Home Theater SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197051377453
    O23 - Service: McAfee Application Installer Cleanup (0038611198866456) (0038611198866456mcinstcleanup) - Unknown owner - C:\DOCUME~1\Eier\LOKALE~1\Temp\003861~1.EXE (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe

    --
    End of file - 7572 bytes
    • 0
  8. vaagnes added a post in a topic Help! Have been infected by minnesparere.com   

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:52, on 2007-12-29
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
    O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - cmd.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6896 bytes





    I tried to delete and fix the ??????)?????e file, but I see it is still there
    • 0
  9. vaagnes added a post in a topic Help! Have been infected by minnesparere.com   

    I have now run HijackThis.

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:54, on 2007-12-29
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\MINNES~1\cookw.exe" -start
    O4 - HKLM\..\Run: [giw] "C:\PROGRA~1\COMMON~1\INTERN~1\giw.exe" -start
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
    O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6937 bytes
    • 0
  10. vaagnes added a topic in Virus and antivirus   

    Help! Have been infected by minnesparere.com
    Got a virus from minnesparere.com from vg.no. They asked me to run a system scan, and I did, and installed two programs:

    minnesparere
    and internetAnonymizer.

    I have ComboFix and HijackThis, which I am going to run now. Can you look at my HijackThis log and see whether I have gotten rid of it?
    • 21 replies
    • views