[LØST] msn virus :omg you naked

44 innlegg i emnet

Skrevet

Så nå har je tatt den andre greia:

ComboFix 07-11-08.1 - Eier 2007-11-11 21:08:14.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.195 [GMT 1:00]

Running from: C:\Documents and Settings\Eier\Skrivebord\Virus greier\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\Icon.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))

.

2007-11-11 21:05 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-11 20:45 <DIR> d-------- C:\Programfiler\Trend Micro

2007-11-11 20:08 <DIR> dr-h----- C:\Documents and Settings\Eier\Siste

2007-11-10 00:02 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-11-05 19:59 36,925 --a------ C:\WINDOWS\system32\javahelper.exe

2007-11-05 19:59 19,000 --a------ C:\WINDOWS\system32\javasy.dll

2007-10-31 20:53 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-10-31 20:53 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2007-10-30 15:21 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Norman

2007-10-23 20:37 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-10-21 16:32 163,840 --a------ C:\WINDOWS\system32\cmabout.dll

2007-10-21 16:32 84,608 --a------ C:\WINDOWS\system32\drivers\cxbu0wdm.sys

2007-10-21 16:32 61,440 --a------ C:\WINDOWS\system32\chksvrn.dll

2007-10-21 16:31 <DIR> d-------- C:\Programfiler\Buypass

2007-10-21 11:51 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Ulead Systems

2007-10-15 08:09 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\CyberLink

2007-10-11 14:55 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-10 23:22 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire

2007-11-10 18:38 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-11-10 18:32 --------- d-----w C:\Programfiler\Google

2007-11-09 23:03 --------- d-----w C:\Programfiler\Yahoo!

2007-11-03 08:21 --------- d-----w C:\Programfiler\Norton Internet Security

2007-11-01 15:29 --------- d-----w C:\Programfiler\RegistrySmart

2007-11-01 15:29 --------- d-----w C:\Documents and Settings\Eier\Programdata\RegistrySmart

2007-10-25 10:09 --------- d-----w C:\Documents and Settings\Eier\Programdata\AdobeUM

2007-10-21 15:33 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-10-15 07:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink

2007-10-04 13:54 --------- d-----w C:\Documents and Settings\Eier\Programdata\U3

2007-09-25 16:14 --------- d-----w C:\Programfiler\HP

2007-09-25 16:14 --------- d-----w C:\Programfiler\Fellesfiler\HP

2007-09-25 16:12 --------- d-----w C:\Programfiler\Hewlett-Packard

2007-09-25 16:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP

2007-09-25 16:04 --------- d-----w C:\Documents and Settings\Eier\Programdata\HP

2007-09-24 06:10 --------- d-----w C:\Programfiler\MSXML 4.0

2007-09-21 20:18 --------- d-----w C:\Programfiler\LimeWire

2007-09-21 17:48 --------- d-----w C:\Programfiler\FrostWire

2007-09-21 16:59 --------- d-----w C:\Documents and Settings\Eier\Programdata\Symantec

2007-09-21 16:56 --------- d-----w C:\Documents and Settings\Eier\Programdata\FrostWire

2007-09-21 16:48 --------- d-----w C:\Programfiler\Microsoft.NET

2007-09-21 16:36 --------- d-----w C:\Programfiler\SymNetDrv

2007-09-21 16:36 --------- d-----w C:\Programfiler\Symantec

2007-09-21 16:35 --------- d-----w C:\Programfiler\CCleaner

2007-09-21 16:08 --------- d-----w C:\Programfiler\Java

2007-09-21 16:04 --------- d-----w C:\Programfiler\AskSBar

2007-09-19 09:52 0 ----a-w C:\WINDOWS\system32\drivers\eicon.txt

2007-08-22 13:18 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-08-22 13:18 658,432 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-22 13:18 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-22 13:18 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-22 13:18 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-22 13:18 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-08-22 13:18 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-22 13:18 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-08-22 13:18 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-08-22 13:18 3,079,168 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-22 13:18 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-08-22 13:18 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-22 13:18 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-22 13:18 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-08-22 13:18 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-22 13:18 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-08-22 13:18 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-08-22 13:18 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2007-09-21 17:04 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2007-09-21 17:04 267592 --a------ C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-21 17:04 267592]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-21 17:04 267592]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43]

"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 C:\WINDOWS\system32\VTTrayp.exe]

"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 16:50]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 17:39 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-21 16:24]

"Ulead AutoDetector v2"="C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48]

"EmailChecker"="C:\APPS\EmailChecker\ech.exe" [2003-07-02 10:13]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-21 17:36]

"RegistrySmart"="C:\Programfiler\RegistrySmart\RegistrySmart.exe" [2007-08-07 20:59]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 16:39]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" []

"ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2007-09-10 15:03]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"Java"= {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll [ ]

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 MTC0007_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys

S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b475b997-7276-11dc-ae57-0016e3350795}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 09:50:51 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job"

"2007-11-11 19:08:19 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"

"2007-11-09 14:30:00 C:\WINDOWS\Tasks\Utvidet garanti.job"

- C:\APPS\SMP\PBCARNOT.EXE

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-11 21:09:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-11 21:10:14

.

--- E O F ---

Også den første igjen:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:13:55, on 11.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\drivers\STDSB.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\APPS\SMP\SmpSys.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\RegistrySmart\RegistrySmart.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\system32\drivers\STDSB.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RegistrySmart] C:\Programfiler\RegistrySmart\RegistrySmart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O21 - SSODL: Java - {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll (file missing)

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 9665 bytes

Kjempe fint med svar:)

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

AndreaB:

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Post loggfilen fra combofix (c:\combofix.txt) + ny hjt-logg

KimT:

Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

Bruk utforsker til å finne og slett mappa (i fet):

C:\Program Files\Macrogaming

Atmoz:

Her var det stor pågang.

Fungerer ikke den første løsningen for alle dere andre som har samme problemet? Eller er det snakk om forskjellige MSN-virus her? Virker litt tungvindt om alle må vise logg for å få det fjernet. :)

MSN-virus er vel bare en fellesbetegnelse for noe man får via MSN. Dessverre er det nok slik at noe ikke er felles, og hva som skal fjernes blir derfor ulikt. Men for all del, jeg tvinger ingen til å poste logg og oppfordrer selvfølgelig til å prøve det som er gjort tidligere OG opprett egne tråder der man evt. sier litt mer om hva foranledningen var.

Endret av norbat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Norbat- da har jeg gjort det:

ComboFix 07-11-08.1 - Eier 2007-11-11 21:40:05.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.125 [GMT 1:00]

Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))

.

2007-11-11 21:05 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-11 20:45 <DIR> d-------- C:\Programfiler\Trend Micro

2007-11-11 20:08 <DIR> dr-h----- C:\Documents and Settings\Eier\Siste

2007-11-10 00:02 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-11-05 19:59 36,925 --a------ C:\WINDOWS\system32\javahelper.exe

2007-11-05 19:59 19,000 --a------ C:\WINDOWS\system32\javasy.dll

2007-10-31 20:53 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-10-31 20:53 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2007-10-30 15:21 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Norman

2007-10-23 20:37 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-10-21 16:32 163,840 --a------ C:\WINDOWS\system32\cmabout.dll

2007-10-21 16:32 84,608 --a------ C:\WINDOWS\system32\drivers\cxbu0wdm.sys

2007-10-21 16:32 61,440 --a------ C:\WINDOWS\system32\chksvrn.dll

2007-10-21 16:31 <DIR> d-------- C:\Programfiler\Buypass

2007-10-21 11:51 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Ulead Systems

2007-10-15 08:09 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\CyberLink

2007-10-11 14:55 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-10 23:22 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire

2007-11-10 18:38 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-11-10 18:32 --------- d-----w C:\Programfiler\Google

2007-11-09 23:03 --------- d-----w C:\Programfiler\Yahoo!

2007-11-03 08:21 --------- d-----w C:\Programfiler\Norton Internet Security

2007-11-01 15:29 --------- d-----w C:\Programfiler\RegistrySmart

2007-11-01 15:29 --------- d-----w C:\Documents and Settings\Eier\Programdata\RegistrySmart

2007-10-25 10:09 --------- d-----w C:\Documents and Settings\Eier\Programdata\AdobeUM

2007-10-21 15:33 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-10-15 07:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink

2007-10-04 13:54 --------- d-----w C:\Documents and Settings\Eier\Programdata\U3

2007-09-25 16:14 --------- d-----w C:\Programfiler\HP

2007-09-25 16:14 --------- d-----w C:\Programfiler\Fellesfiler\HP

2007-09-25 16:12 --------- d-----w C:\Programfiler\Hewlett-Packard

2007-09-25 16:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP

2007-09-25 16:04 --------- d-----w C:\Documents and Settings\Eier\Programdata\HP

2007-09-24 06:10 --------- d-----w C:\Programfiler\MSXML 4.0

2007-09-21 20:18 --------- d-----w C:\Programfiler\LimeWire

2007-09-21 17:48 --------- d-----w C:\Programfiler\FrostWire

2007-09-21 16:59 --------- d-----w C:\Documents and Settings\Eier\Programdata\Symantec

2007-09-21 16:56 --------- d-----w C:\Documents and Settings\Eier\Programdata\FrostWire

2007-09-21 16:48 --------- d-----w C:\Programfiler\Microsoft.NET

2007-09-21 16:36 --------- d-----w C:\Programfiler\SymNetDrv

2007-09-21 16:36 --------- d-----w C:\Programfiler\Symantec

2007-09-21 16:35 --------- d-----w C:\Programfiler\CCleaner

2007-09-21 16:08 --------- d-----w C:\Programfiler\Java

2007-09-21 16:04 --------- d-----w C:\Programfiler\AskSBar

2007-09-19 09:52 0 ----a-w C:\WINDOWS\system32\drivers\eicon.txt

2007-08-22 13:18 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-08-22 13:18 658,432 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-22 13:18 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-22 13:18 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-22 13:18 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-22 13:18 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-08-22 13:18 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-22 13:18 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-08-22 13:18 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-08-22 13:18 3,079,168 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-22 13:18 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-08-22 13:18 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-22 13:18 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-22 13:18 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-08-22 13:18 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-22 13:18 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-08-22 13:18 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-08-22 13:18 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2007-09-21 17:04 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2007-09-21 17:04 267592 --a------ C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-21 17:04 267592]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-21 17:04 267592]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43]

"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 C:\WINDOWS\system32\VTTrayp.exe]

"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 16:50]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 17:39 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-21 16:24]

"Ulead AutoDetector v2"="C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48]

"EmailChecker"="C:\APPS\EmailChecker\ech.exe" [2003-07-02 10:13]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-21 17:36]

"RegistrySmart"="C:\Programfiler\RegistrySmart\RegistrySmart.exe" [2007-08-07 20:59]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 16:39]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" []

"ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2007-09-10 15:03]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"Java"= {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll [ ]

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 MTC0007_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys

S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b475b997-7276-11dc-ae57-0016e3350795}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 09:50:51 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job"

"2007-11-11 19:08:19 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"

"2007-11-09 14:30:00 C:\WINDOWS\Tasks\Utvidet garanti.job"

- C:\APPS\SMP\PBCARNOT.EXE

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-11 21:41:20

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-11 21:41:56

C:\ComboFix2.txt ... 2007-11-11 21:10

.

--- E O F ---

Norbat- også den andre:)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:47:07, on 11.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\drivers\STDSB.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\APPS\SMP\SmpSys.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\RegistrySmart\RegistrySmart.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\system32\drivers\STDSB.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RegistrySmart] C:\Programfiler\RegistrySmart\RegistrySmart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O21 - SSODL: Java - {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll (file missing)

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 9713 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

AndreaB:

Ask Toolbar, er det noe du bruker? Hvis ikke, avinstaller fra legg til /fjern programmer.

Kjør hjt, sett merke framfor følgende linjer og klikk Fix checked:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O21 - SSODL: Java - {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll (file missing)

Hent Avenger og pakk det ut.

Start programmet, sett prikk i "Input Script Manually" og klikk på lupen.

I vinduet som kommer opp kopierer du og limer inn det som er i fet skrift under:

Files to delete:

C:\WINDOWS\system32\javahelper.exe

C:\WINDOWS\system32\javasy.dll

Klikk på Trafikklyset. Restart pc'n.

Etter restart vil det komme en loggfil som forteller hva som har skjedd. Du trenger ikke å poste den om alt gikk greit.

Post ny hjt-logg.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Norbat- også det andre;hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:47:07, on 11.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\drivers\STDSB.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\APPS\SMP\SmpSys.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\RegistrySmart\RegistrySmart.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\system32\drivers\STDSB.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RegistrySmart] C:\Programfiler\RegistrySmart\RegistrySmart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O21 - SSODL: Java - {3DBCBCEC-D03B-43D2-8350-2C7EA48D4075} - javasy.dll (file missing)

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 9713 bytes

Norbat- Jeg får ikke lagt inn det jeg skulle kopiere som du skrev...

Norbat- skal jeg trykke på noe når jeg har haket av det i Hijack?

Norbat- Da har jeg gjort som du sa, da jeg restarta pc'en kom dette opp:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\aguktiqd

*******************

Script file located at: \??\C:\WINDOWS\system32\rhxuclkm.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\javahelper.exe deleted successfully.

File C:\WINDOWS\system32\javasy.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Er da alt i orden, viruset borte, jeg kan laste ned msn igjen og slette de programmene jeg brukte nå?

Norbat- Da har jeg gjort som du sa, da jeg restarta pc'en kom dette opp:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\aguktiqd

*******************

Script file located at: \??\C:\WINDOWS\system32\rhxuclkm.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\javahelper.exe deleted successfully.

File C:\WINDOWS\system32\javasy.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Er da alt i orden, viruset borte, jeg kan laste ned msn igjen og slette de programmene jeg brukte nå?

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Som nevnt, hvis du ikke må ha Ask Toolbar, avinstallerer du det.

Problemet skulle være løst og du /dere bør nullstille systemgjenopprettingsmappa slik at du/dere ikke blir infisert ved en evt. systemgjenoppretting:

Kontrollpanel->system->systemgjenoppretting .

Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc,

fjern merket igjen for å aktivere funksjonen.

Sørg for at Windows er oppdatert og likeså java (http://java.com/en/download/index.jsp)

Har du ikke et antispywareprogram, så anbefaler jeg SAS (gratisversjonen). Har du et annet du er fornøyd med så beholder du det. Kjør uansett en full scan for å forsikrer deg om at ting og tang er i orden.

Edit: ja, programmene du har brukt kan fjernes. For å slette combofix, kan du fra Start->Kjør, skrive ComboFix /u, når combofix-vinduet kommer fram, velger du valg 2.

Endret av norbat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Norbat- Her er ny hijacktis, etter det du ba meg gjøre.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:19:12, on 11.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\drivers\STDSB.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\APPS\SMP\SmpSys.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\RegistrySmart\RegistrySmart.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\system32\drivers\STDSB.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RegistrySmart] C:\Programfiler\RegistrySmart\RegistrySmart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 8999 bytes

Jeg skal ha fjerna ask toolbar.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Ser fint ut det der.

surf trygt.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Hvordan oppdaterer jeg windows?

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Hvordan oppdaterer jeg windows?

Som regel skjer det 'automatisk', men du kan sjekke ved å gå til windows update: Start->alle programmer->windows update

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Det gjør du ved å aktiviere Windows Update :)

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Tusen hjertlig takk for hjelpa:)

Da kan jeg laste ned msn igjen?

Og alt viruset er borte?

Tusen hjertlig takk for hjelpa:)

Da kan jeg laste ned msn igjen?

Og alt viruset er borte?

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Tusen hjertlig takk for hjelpa:)

Da kan jeg laste ned msn igjen?

Og alt viruset er borte?

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Alt skulle være i orden nå, så bare last ned msn igjen om du avinstallerte den.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Tusen, tusen takk :D

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

norbat kunne du se på denne hjt-loggen her å. ser det det jeg fikk beskjed om å slette ikke er helt likt her så lurer på om alt er som det skal her.

takk for all hjelp foresten :D

C:\WINDOWS\AGRSMMSG.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe

C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\LVComSX.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hamarungdom.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programfiler\Video ActiveX Object\isadd.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programfiler\Video ActiveX Object\iesplugin.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Object\isamntr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk570YYNO

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - (no file)

O22 - SharedTaskScheduler: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - (no file)

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 12866 bytes

Endret av KimT
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Vil i utg.pkt tro det er bedre å opprette et nytt emne, men når du først er her :)

Last ned SAS, installer, oppdater og kjør en full (Complete) scan.

Post loggen den lager (preferences->statistics/logs) + ny hjt-logg, så ser vi hva som blir igjen.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Hei der.

Poster en hjt-logg. kan du se hva mitt problem er?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:38:56, on 19.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Atheros WLAN Adapter\ACU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\mrofinu1000726.exe

C:\APPS\SMP\SmpSys.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Insider\Insider.exe

C:\DOCUME~1\STIGNO~1\MYDOCU~1\SCURIT~1\taskmgr.exe

C:\WINDOWS\TEMP\CY1D97.EXE

C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Logitech\QuickCam10\COCIManager.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe

c:\progra~1\common~1\instal~1\update~1\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Citrix\ICA Client\Wfcrun32.exe

C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.tirb.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {93FEFD10-6AF6-4F5E-8B5B-4DE604825B92} - C:\WINDOWS\system32\yeurzx.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros WLAN Adapter\ACU.exe" -nogui

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Atas] "C:\DOCUME~1\STIGNO~1\MYDOCU~1\SCURIT~1\taskmgr.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://avserver:4343/officescan/console/Cl...ll/WinNTChk.cab

O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://avserver:4343/officescan/console/Cl...ll/setupini.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://avserver:4343/officescan/console/Cl...stall/setup.cab

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://avserver:4343/officescan/console/html/AtxEnc.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://avserver:4343/officescan/console/Cl.../RemoveCtrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180446216078

O18 - Protocol: bw+0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {60836074-7AA1-45E6-9460-B6559D62537E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O21 - SSODL: Java - {1E61D66E-1A34-40DC-B17D-3F92A67CDFCB} - java32.dll (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--

End of file - 21869 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Hei, Normann

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Det lages en logg som du poster senere.

Last deretter ned SAS (gratisversjonen), installer, oppdater og kjør en full (Complete) scan.

Post følgende logger:

Combofix (c:\combofix.txt)

SAS (preferences->statistics/logs)

Ny hjt-logg

EDIT: Og opprett gjerne en ny tråd der du legger loggen. Denne tråden begynner og bli langt og uoversiktelig nok :)

Finn på en passende trådtittel.

Endret av norbat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!


Start en konto

Logg inn

Har du allerede en konto? Logg inn her.


Logg inn nå

  • Hvem er aktive   0 medlemmer

    Ingen innloggede medlemmer aktive