Infected by virus/spyware

22 posts in this topic

Posted

Hi!

Lately I have suspected that I am infected by antivirus spyware.

I use AVG and Windows Defender, but they don't find anything.

Does anyone have a suggestion for what I can do?

:wall:

Posted

Spybot Search And Destroy and Ad-Aware, together with your antivirus program, in safe mode usually help :)

Posted

You may have caught the new MSN virus. Have you received a link in MSN from someone saying "Look at my summer pictures 2007 : http://xxxxxxxxxxx" ?

If so, download this fix, run the .bat file and restart

http://sosvirus.changelog.fr/MSNFix.zip

Posted

This is a detailed standard answer taken from: http://hurtigsvar.viztnd.com/ which is worth trying. It fixes most things with viruses and spyware. :thumbup:

I would recommend that you try a virus check and a spyware check in the following order:

If you have Windows XP, a system restore after you have removed the viruses can cause you to set the machine back to being infected again. First try to remove the viruses without disabling System Restore.

If you manage to disinfect the machine, turn off System Restore, restart, and turn System Restore back on. If you cannot remove the viruses, a system restore may work; in that case choose a restore point where you KNOW you were not infected.

All scanning for viruses and spyware should now be done in safe mode with networking.

Follow the link if you do not know how to start in Safe Mode with Networking.

Run a virus scan in your browser with BitDefender. If you find viruses, restart in safe mode with networking after the scan and run a new scan.

Then do a spyware check with Ewido Onlinescan. If you find spyware, restart in safe mode with networking after the scan and run a new scan.

As soon as you have managed to run both scanners without them giving any indication of viruses or spyware, you are done scanning and should start the machine in normal mode again.

After that you can go on to install antivirus software and antispyware if you do not already have any. You can find such programs at oss.viztnd.com/secprog.shtml.

Read here if you want information about what spyware is and how best to keep your PC clean of it.

Read here if you want links to information about what viruses, trojans and worms are.

As for safe mode, you should NOT do anything else in the meantime, i.e. you should not sit and browse here or elsewhere. This is because you could then start the spyware or viruses manually.

The above answer with the virus and spyware check is based on an extension for Firefox that fetches quick answers to certain recurring questions. The answers are fetched from http://hurtigsvar.viztnd.com and the Firefox extension can be downloaded from www.home.no/apepost for those who want it.

:)

Otherwise it also helps to search the forum a bit. You will find the search function at the far left of the forum. :)

Posted

Does anyone know how to get the computer into safe mode?

I'm not quite sure :unsure:

Posted

Press F8 during startup :)

Posted

It's in the guide I have in my previous post too.. :) with a link.

Posted

I only get a column where I can choose what should be my boot disk

any other ideas about what I can do to get it into safe mode? <_<

Posted

I have tried it in safe mode with networking, but I couldn't get the scanners to run.

Does anyone know why, or know of other online scanners?

Posted

I tried Ewido but still couldn't get the scanner to load.

I tried HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18:21, on 05.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Cepstral\bin\CepstralLicSrv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

F:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: IEEvents Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\WINDOWS\system32\ApsHelper12.dll

O2 - BHO: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\programfiler\programfiler.bitcomet\tools\BitCometBHO_1.1.3.19.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {69d0c703-db8a-4992-9b33-4351a2ca86cc} - C:\WINDOWS\system32\MP4snw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: (no name) - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: (no name) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - (no file)

O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - (no file)

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)

O3 - Toolbar: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [logmein] C:\Program Files\LogMeIn\LogMeInSystray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\RunServices: [Microsoft] firefox.exe

O4 - HKLM\..\RunServices: [lnternet Update] sysmem.exe

O4 - HKCU\..\Run: [Veoh] "D:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Startup: RAR Password Cracker.lnk = F:\RAR Password Cracker\rpc.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download all links using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download link using &BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.antivirusgolden.com

O15 - Trusted Zone: http://download.cdn.winsoftware.com

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - http://84.205.61.22/SysCamInst.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by143w.bay143.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172303575343

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183708450015

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlinev...cabs/cssweb.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll

O20 - Winlogon Notify: MP4snw - C:\WINDOWS\SYSTEM32\MP4snw.dll

O22 - SharedTaskScheduler: floripondio - {6ad686b9-ab56-4ebc-a804-9f70b55b4577} - (no file)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bonjour Service - Unknown owner - D:\iPhox\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Cepstral\bin\CepstralLicSrv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - X:\Spyware Doctor\sdhelp.exe (file missing)

O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 18728 bytes

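An added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage pass over HijackThis entries like the ones in the log above. It flags orphaned entries, autostart values that name a program without a full path, value names that write a word with a lowercase "l" in place of "I", and Trusted Zone sites; the heuristics, the word list and all function names are assumptions made for illustration, and a flag marks a line for manual review, nothing more.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Microsoft] firefox.exe
O4 - HKLM\..\RunServices: [lnternet Update] sysmem.exe
O15 - Trusted Zone: http://www.adobe.com
O23 - Service: Bonjour Service - Unknown owner - D:\iPhox\mDNSResponder.exe (file missing)
"""

ORPHANED = "orphaned entry: the target file is absent"
NO_PATH = "autostart value names a program without a full path"
LOOKALIKE = "value name uses a lowercase 'l' where 'I' is expected"
TRUSTED = "site placed in the Trusted Zone"

# "O4 - rest of entry": a section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autostart body: "HKLM\..\Run: [value name] command line"
O4_REG_RE = re.compile(r"^HK\w+\\.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", re.I)
# Words a value name may imitate (assumed short list, extend as needed).
IMITATED = {"internet", "intel", "install"}


def executable_of(cmd):
    """Return the program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def lookalike_word(name):
    """Return the first word that reads as an IMITATED word once its
    leading lowercase 'l' is taken as 'I', else None."""
    for word in re.findall(r"[A-Za-z]+", name):
        if word[0] == "l" and "i" + word[1:].lower() in IMITATED:
            return word
    return None


def triage(log_text):
    """Return a list of Finding tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, ORPHANED, line))
        if section == "O4":
            reg = O4_REG_RE.match(body)
            if reg:
                if "\\" not in executable_of(reg.group("cmd")):
                    findings.append(Finding(section, NO_PATH, line))
                if lookalike_word(reg.group("name")):
                    findings.append(Finding(section, LOOKALIKE, line))
        if section == "O15":
            findings.append(Finding(section, TRUSTED, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```
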

Posted

It looks like you have more than one antivirus program. This may be the cause of your problems.

TIP:

If you start msconfig and choose diagnostic startup, you can tick the programs / services you want to start. Then you will probably be able to start a scan with the installed antivirus program. This requires that all the services of that program are started.

Posted (edited)

You have some trojans lurking.

Do the following:

Download SDFix to the desktop.

Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix

Restart the PC in safe mode (tap F8 during startup, choose safe mode)

Open the SDFix folder and double-click 'RunThis.bat' to start the program

Choose Y to start the cleaning

The PC will restart, and SDFix will continue.

Then: (in normal mode)

Get Combofix and put it on the desktop

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt), the log from SDFix (it will be Report.txt in the SDFix folder) + a new HJT log :thumbup:

Edited by norbat

Posted (edited)

I have scanned and here is the log from SDFix:

SDFix: Version 1.96

Run by Administrator on 07.08.2007 at 09:30

Microsoft Windows XP [Versjon 5.1.2600]

Running From: C:\sdfix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\lssas.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"

"D:\\setup\\easy_search(2.2.0.0).exe"="D:\\setup\\easy_search(2.2.0.0).exe:*:Enabled:Network Storage Adapter"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Fjernhjelp - Windows Messenger og Stemme"

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"

"C:\\Program Files\\Common Files\\XPressUpdate\\XPressUpdate.exe"="C:\\Program Files\\Common Files\\XPressUpdate\\XPressUpdate.exe:*:Enabled:XPressUpdate"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\NCH Swift Sound\\Axon\\axon.exe"="C:\\Program Files\\NCH Swift Sound\\Axon\\axon.exe:*:Enabled:axon"

"D:\\Ny mappe (3)\\programfiler\\veoh\\VeohClient.exe"="D:\\Ny mappe (3)\\programfiler\\veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\programfiler\\veoh\\VeohClient.exe"="C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\programfiler\\veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"C:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"="C:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe:*:Enabled:talk"

"C:\\Program Files\\NCH Software\\ScreenStream\\screenstream.exe"="C:\\Program Files\\NCH Software\\ScreenStream\\screenstream.exe:*:Enabled:screenstream"

"D:\\veoh\\VeohClient.exe"="D:\\veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"E:\\programfiler\\veoh\\VeohClient.exe"="E:\\programfiler\\veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"D:\\Ny mappe (3)\\programfiler\\MDCCindia Technologies\\BFS\\Pro\\bfspro16.exe"="D:\\Ny mappe (3)\\programfiler\\MDCCindia Technologies\\BFS\\Pro\\bfspro16.exe:*:Enabled:bfspro16"

"C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\Bitdownload\\BitDownload.exe"="C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\Bitdownload\\BitDownload.exe:*:Enabled:Warez3"

"D:\\filer\\Mozilla Firefox\\firefox.exe"="D:\\filer\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"D:\\Motorhead\\motorm.exe"="D:\\Motorhead\\motorm.exe:*:Enabled:motorm"

"D:\\Motorhead\\motor.exe"="D:\\Motorhead\\motor.exe:*:Enabled:motor"

"G:\\Bandwidth Monitor and Internet Tools\\Bandwidth Monitor.exe"="G:\\Bandwidth Monitor and Internet Tools\\Bandwidth Monitor.exe:*:Enabled:This program allow you to monitor your incoming and outgoing data no need to setup the program once you install it will do the job of setting it for you "

"D:\\firefox\\filer\\Mozilla Firefox\\firefox.exe"="D:\\firefox\\filer\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"G:\\Mozilla Firefox\\firefox.exe"="G:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"F:\\Last.fm\\LastFM.exe"="F:\\Last.fm\\LastFM.exe:*:Disabled:LastFM"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\WINDOWS\\system32\\sysmem.exe"="C:\\WINDOWS\\system32\\sysmem.exe:*:Enabled:sysmem"

"F:\\Veoh Networks\\Veoh\\VeohClient.exe"="F:\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"D:\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"D:\\ESTsoft\\ALFTP\\ALFTP.exe"="D:\\ESTsoft\\ALFTP\\ALFTP.exe:*:Disabled:ALFTP"

"G:\\BearShare Applications\\BearShare\\BearShare.exe"="G:\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"

"D:\\programfiler.bitcomet\\BitComet.exe"="D:\\programfiler.bitcomet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"

"E:\\programfiler\\BitTorrent\\bittorrent.exe"="E:\\programfiler\\BitTorrent\\bittorrent.exe:*:Disabled:bittorrent"

"D:\\programfiler\\BitTorrent\\bittorrent.exe"="D:\\programfiler\\BitTorrent\\bittorrent.exe:*:Disabled:bittorrent"

"D:\\Ny mappe (3)\\programfiler\\BitTorrent\\bittorrent.exe"="D:\\Ny mappe (3)\\programfiler\\BitTorrent\\bittorrent.exe:*:Disabled:bittorrent"

"D:\\BitTorrent\\bittorrent.exe"="D:\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"

"C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\programfiler\\BitTorrent\\bittorrent.exe"="C:\\Documents and Settings\\Torstein\\Local Settings\\Application Data\\Microsoft\\CD Burning\\programfiler\\BitTorrent\\bittorrent.exe:*:Disabled:bittorrent"

"D:\\iPhox\\mDNSResponder.exe"="D:\\iPhox\\mDNSResponder.exe:*:Disabled:Bonjour"

"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Disabled:CrazyTalk Application"

"D:\\Ny mappe (3)\\programfiler\\eFileGo\\eFileSvr.exe"="D:\\Ny mappe (3)\\programfiler\\eFileGo\\eFileSvr.exe:*:Disabled:eFileGoSvr"

"D:\\Ny mappe (3)\\programfiler\\iPhox\\iPhox.exe"="D:\\Ny mappe (3)\\programfiler\\iPhox\\iPhox.exe:*:Disabled:iPhox"

"D:\\iPhox\\iPhox.exe"="D:\\iPhox\\iPhox.exe:*:Disabled:iPhox"

"G:\\Last.fm\\LastFM.exe"="G:\\Last.fm\\LastFM.exe:*:Disabled:LastFM"

"G:\\Morpheus\\Morpheus.exe"="G:\\Morpheus\\Morpheus.exe:*:Disabled:Morpheus"

"G:\\Pando Networks\\Pando\\pando.exe"="G:\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"F:\\Pando Networks\\Pando\\pando.exe"="F:\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"D:\\megggggttttttttttttttttttttttttttttttttttttttt\\filer\\programmfiler\\Pando Networks\\Pando\\pando.exe"="D:\\megggggttttttttttttttttttttttttttttttttttttttt\\filer\\programmfiler\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"D:\\filer\\programmfiler\\Pando Networks\\Pando\\pando.exe"="D:\\filer\\programmfiler\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"D:\\filer\\Pando Networks\\Pando\\pando.exe"="D:\\filer\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"

"G:\\Zapr\\Zapr Client\\0.0.0.178\\ZaprApp.exe"="G:\\Zapr\\Zapr Client\\0.0.0.178\\ZaprApp.exe:*:Disabled:Zapr"

"G:\\Zapu\\Zapu\\wDivi.exe"="G:\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"

"F:\\Zapu\\Zapu\\wDivi.exe"="F:\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"

"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"D:\\TVUPlayer\\TVUPlayer.exe"="D:\\TVUPlayer\\TVUPlayer.exe:*:Disabled:TVU Player Component"

"D:\\Ny mappe (3)\\programfiler\\TVUPlayer\\TVUPlayer.exe"="D:\\Ny mappe (3)\\programfiler\\TVUPlayer\\TVUPlayer.exe:*:Disabled:TVU Player Component"

"F:\\Sony Ericsson\\Update Service\\ma3platform.exe"="F:\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Disabled:ma3platform"

"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Disabled:ma3platform"

"D:\\Binary-House\\MagicWhiteboard\\MagicWhiteboard.exe"="D:\\Binary-House\\MagicWhiteboard\\MagicWhiteboard.exe:*:Disabled:Magic Whiteboard"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"D:\\BitDownload\\BitDownload.exe"="D:\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"

"F:\\BitLord\\BitLord.exe"="F:\\BitLord\\BitLord.exe:*:Disabled:BitLord"

"G:\\skype\\Phone\\Skype.exe"="G:\\skype\\Phone\\Skype.exe:*:Disabled:Skype. Take a deep breath "

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"

"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"

"E:\\programfiler\\programfiler.bitcomet\\BitComet.exe"="E:\\programfiler\\programfiler.bitcomet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"

"F:\\uTorrent\\utorrent.exe"="F:\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"

"G:\\Ny mappe\\Ting som har med datamaskin og gjera\\Programfiler\\Bare program som ligger p† dataen\\Kopiert fr† Pcen Nede\\LimeWire\\LimeWire.exe"="G:\\Ny mappe\\Ting som har med datamaskin og gjera\\Programfiler\\Bare program som ligger p† dataen\\Kopiert fr† Pcen Nede\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"F:\\Ny mappe\\Ting som har med datamaskin og gjera\\Programfiler\\Bare program som ligger p† dataen\\Kopiert fr† Pcen Nede\\LimeWire\\LimeWire.exe"="F:\\Ny mappe\\Ting som har med datamaskin og gjera\\Programfiler\\Bare program som ligger p† dataen\\Kopiert fr† Pcen Nede\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"F:\\limewire\\LimeWire.exe"="F:\\limewire\\LimeWire.exe:*:Enabled:LimeWire"

"D:\\limewire\\LimeWire.exe"="D:\\limewire\\LimeWire.exe:*:Enabled:LimeWire"

"D:\\Lime wirre\\LimeWire\\LimeWire.exe"="D:\\Lime wirre\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:

---------------

Here is the ComboFix log:

ComboFix 07-08-04.3 - "Torstein" 2007-08-07 9:47:53.1 [GMT 2:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.Sann

* Created a new restore point

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:30, on 2007-08-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Cepstral\bin\CepstralLicSrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

F:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: IEEvents Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\WINDOWS\system32\ApsHelper12.dll

O2 - BHO: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\programfiler\programfiler.bitcomet\tools\BitCometBHO_1.1.3.19.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {69d0c703-db8a-4992-9b33-4351a2ca86cc} - C:\WINDOWS\system32\MP4snw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: (no name) - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: (no name) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - (no file)

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)

O3 - Toolbar: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [logmein] C:\Program Files\LogMeIn\LogMeInSystray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [Veoh] "D:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-861567501-1993962763-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download all links using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download link using &BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.antivirusgolden.com

O15 - Trusted Zone: http://download.cdn.winsoftware.com

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - http://84.205.61.22/SysCamInst.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by143w.bay143.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172303575343

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183708450015

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlinev...cabs/cssweb.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll

O20 - Winlogon Notify: MP4snw - C:\WINDOWS\SYSTEM32\MP4snw.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bonjour Service - Unknown owner - D:\iPhox\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Cepstral\bin\CepstralLicSrv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - X:\Spyware Doctor\sdhelp.exe (file missing)

O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 17668 bytes

But there is something strange.

I am trying the trial version of Norton Internet Security, and it keeps popping up saying that I am infected by a w32.spybot.

Does anyone know what that means?

Edited by datamaskin

Posted (edited)

Your HijackThis log looks fine at least, according to hijackthis.de... :)

I have never heard of Spybot32... Have you tried any online scanners? Trend Micro's, for example? You can find it here: http://housecall.antivirus.com/housecall/start_pcc.asp

By the way, you have several antivirus programs installed. The recommendation is to have only one. Having more can cause conflicts.

Edited by KongKlykken

Posted

Check the following file at http://virusscan.jotti.org/:

C:\WINDOWS\SYSTEM32\MP4snw.dll (you may need to turn on 'show hidden files and folders' to find the file)

At the top of the Jotti page there is "File to upload & scan:", where you select the file mentioned and upload it for a check.

Report back on whether it found anything.

Did you add these to the Trusted Zone yourself?

O15 - Trusted Zone: http://www.antivirusgolden.com

O15 - Trusted Zone: http://download.cdn.winsoftware.com

If not, you can let HJT fix them (run HJT, tick the boxes in front of the lines and click 'Fix checked').

Several people have mentioned that you have more than one antivirus program. You should do something about that. Decide on one you like and remove the rest.

This message that Norton shows, does it say anything about where the file is located?

The log from ComboFix: was what you posted everything that came out?

I can recommend that you run a full scan with SAS.

There is some cleanup to do in the HJT log, but that can be done at the end :)

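The checks the reply above walks through (scan the unnamed BHO in system32, confirm the Trusted Zone sites, tidy up orphaned entries) can be run over a whole HijackThis log. This is an added example, not part of the original post or of HijackThis; `triage`, `confirmed_sites` and the reason strings are names made up here, and the sample lines are copied from the log posted earlier in the thread. It goes slightly beyond the reply by also listing services with no listed owner and files registered at more than one load point; every hit is a prompt for a manual check, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {69d0c703-db8a-4992-9b33-4351a2ca86cc} - C:\WINDOWS\system32\MP4snw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\programfiler\programfiler.bitcomet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.antivirusgolden.com
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O20 - Winlogon Notify: MP4snw - C:\WINDOWS\SYSTEM32\MP4snw.dll
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O2 - BHO: name - {CLSID} - path": section code, entry kind, then " - " separated fields.
ENTRY = re.compile(r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
GONE = ("(no file)", "(file missing)")      # HijackThis markers for a missing target
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")    # target is a plain file path


def parse(log_text):
    """Yield (code, fields) for every O-section line; all other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("rest").split(" - ")


def triage(log_text, confirmed_sites=()):
    """Return (code, target, reason) tuples for entries worth a manual look.

    confirmed_sites: Trusted Zone URLs the user says they added themselves.
    """
    findings = []
    load_points = defaultdict(set)          # normalised path -> section codes
    for code, fields in parse(log_text):
        name, target = fields[0], fields[-1]
        if code in ("O2", "O3", "O23") and target.endswith(GONE):
            findings.append((code, target, "orphaned entry, cleanup candidate"))
            continue
        if code == "O15" and target not in confirmed_sites:
            findings.append((code, target, "Trusted Zone site: did you add it yourself?"))
        if code == "O2" and name == "(no name)":
            findings.append((code, target, "unnamed BHO: upload the file to a multi-engine scanner"))
        if code == "O23" and len(fields) >= 3 and fields[-2] == "Unknown owner":
            findings.append((code, target, "service with no listed owner: verify the file"))
        if DRIVE_PATH.match(target):
            # Case-insensitive key, so system32 and SYSTEM32 count as the same file.
            load_points[ntpath.normcase(target)].add(code)
    for path, codes in load_points.items():
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)), path,
                             "same file registered at several load points"))
    return findings


if __name__ == "__main__":
    for code, target, reason in triage(SAMPLE_LOG, confirmed_sites=("http://www.adobe.com",)):
        print(f"{code:7} {reason}\n        {target}")
```
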

Posted

I checked C:\WINDOWS\SYSTEM32\MP4snw.dll and it said that it might be infected by a virus/spyware.

No, Norton says nothing about where the files are located :(

The ComboFix log: yes, that was everything that came out.

I scanned with SAS and it found some trojans.


Posted

OK,

I would like to see a new HJT log + the log from SAS (preferences->statistics/logs)


Posted

You should download Avast and let it restart the machine with Avast's virus scan; it is powerful, but it takes a good while.


Posted (edited)

The SAS log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/07/2007 at 02:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

Scan type : Complete Scan

Total Scan Time : 01:33:15

Memory items scanned : 192

Memory threats detected : 0

Registry items scanned : 6470

Registry threats detected : 11

File items scanned : 68924

File threats detected : 32

Trojan.MalwareWipe

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InProcServer32

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InProcServer32#ThreadingModel

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\isdqMcYcbcXfc

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\jlmmUqlfXey

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\Nisklih

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\owbvmiTwgr

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\rxeuma

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\ryvwaDfsoKTa

HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\yEjehLtwlc

Adware.MyWay

C:\Program Files\MyWay\SrchAstt\Cache\0004AE1E

C:\Program Files\MyWay\SrchAstt\Cache\files.ini

C:\Program Files\MyWay\SrchAstt\Cache

C:\Program Files\MyWay\SrchAstt

C:\Program Files\MyWay

Trojan.Media-Codec/V3

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}

Adware.Tracking Cookie

C:\Documents and Settings\Torstein\Cookies\torstein@4.adbrite[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ad.adnetinteractive[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ad.media-servers[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ad.scanmedios[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ad1.clickhype[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@adbrite[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ads.adbrite[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@adserver.adreactor[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@atdmt[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@clickaider[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@clicktorrent[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@cpvfeed[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@ehg-wildpackets.hitbox[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@fastclick[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@hitbox[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@tradedoubler[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@www.warezquality[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@www3.addfreestats[1].txt

C:\Documents and Settings\Torstein\Cookies\torstein@yadro[2].txt

C:\Documents and Settings\Torstein\Cookies\torstein@zedo[2].txt

Browser Hijacker.Favorites

C:\DOCUMENTS AND SETTINGS\TORSTEIN\FAVORITES\SIKKERHET\ONLINE SECURITY TEST.URL

Trojan.Unknown Origin

C:\RECYCLER\S-1-5-21-861567501-1993962763-839522115-1003\DC36\QUARANTINE\C\PROGRAM FILES\VIDEO ACTIVEX ACCESS\OT.ICO.VIR

C:\RECYCLER\S-1-5-21-861567501-1993962763-839522115-1003\DC36\QUARANTINE\C\PROGRAM FILES\VIDEO ACTIVEX ACCESS\TS.ICO.VIR

Trojan.WinSecurity

C:\WINDOWS\SYSTEM32\WINSECURITY.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006

F:\SETUPER\WINANTIVIRUSPRO 2006.EXE

F:\SETUPER\WINANTISPYWARE 2006.EXE

BearShare File Sharing Client

F:\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07, on 2007-08-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Cepstral\bin\CepstralLicSrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\msiexec.exe

F:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: IEEvents Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\WINDOWS\system32\ApsHelper12.dll

O2 - BHO: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\programfiler\programfiler.bitcomet\tools\BitCometBHO_1.1.3.19.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {69d0c703-db8a-4992-9b33-4351a2ca86cc} - C:\WINDOWS\system32\MP4snw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: (no name) - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: (no name) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - (no file)

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)

O3 - Toolbar: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: media_mall toolbar - {017cff13-49c1-4752-9b8f-561f3af87574} - C:\Program Files\media_mall\tbmed0.dll

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [logmein] C:\Program Files\LogMeIn\LogMeInSystray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [Veoh] "D:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download all links using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download link using &BitComet - res://E:\programfiler\programfiler.bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - D:\ESTsoft\ALPass\ALPass.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.veoh.com

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - http://84.205.61.22/SysCamInst.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by143w.bay143.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172303575343

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183708450015

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlinev...cabs/cssweb.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll

O20 - Winlogon Notify: MP4snw - C:\WINDOWS\SYSTEM32\MP4snw.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bonjour Service - Unknown owner - D:\iPhox\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Cepstral\bin\CepstralLicSrv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - X:\Spyware Doctor\sdhelp.exe (file missing)

O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 17485 bytes

I now have only Norton Internet Security, Windows Defender and AVG on the machine.

But there is one thing that is a bit odd.

AVG now keeps popping up saying that I am infected by a trojan.

Does anyone know what that could mean?

Edited by datamaskin

Posted

Start HJT, choose "Do a system scan only", tick the box in front of the following lines and click 'Fix checked':

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: (no name) - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: (no name) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - (no file)

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)

O3 - Toolbar: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - (no file)

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

Uninstall Norton.

Restart in safe mode (tap F8 during startup, choose safe mode).

Run a full scan with AVG.

Report back on whether AVG found anything, and what it found.

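The selection made in the reply above can be reproduced mechanically. The following is an added example, not part of the original posts and not HijackThis's own code: it parses HijackThis log lines, lists the O2/O3 entries reported as `(no file)` (the kind ticked for 'Fix checked'), and separately lists entries marked `(file missing)`. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IEEvents Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\WINDOWS\system32\ApsHelper12.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\programfiler\programfiler.bitcomet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O3 - Toolbar: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O23 - Service: Bonjour Service - Unknown owner - D:\iPhox\mDNSResponder.exe (file missing)
"""

# O2/O3 lines have the shape: "<section> - <kind>: <name> - {CLSID} - <target>"
BROWSER_ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Every HijackThis entry starts with a section code such as R1, O4 or O23.
SECTION = re.compile(r"^(?P<section>[A-Z]\d+) - ")


def orphaned_browser_entries(log):
    """Return (section, CLSID, name) for O2/O3 entries reported as '(no file)'."""
    hits = []
    for line in log.splitlines():
        m = BROWSER_ENTRY.match(line.strip())
        if m and m.group("target") == "(no file)":
            hits.append((m.group("section"), m.group("clsid").upper(), m.group("name")))
    return hits


def missing_targets(log):
    """Return (section, line) for any entry HijackThis marked '(file missing)'."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m and line.endswith("(file missing)"):
            hits.append((m.group("section"), line))
    return hits


if __name__ == "__main__":
    print("O2/O3 entries reported as (no file):")
    for section, clsid, name in orphaned_browser_entries(SAMPLE_LOG):
        print(f"  {section} {clsid} {name}")
    print("Entries whose target path is marked (file missing), for separate review:")
    for section, line in missing_targets(SAMPLE_LOG):
        print(f"  {section}: {line}")
```

Paste the full log into `SAMPLE_LOG` (or read it from a file) to get the complete list; the output is a review list, and the fixing itself is still done in HijackThis.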

Posted

AVG found a virus.

avast! startup scanner found three viruses.
