
Iexplorer.exe MATHMA~1.exe RECTBO~1.exe




#1
16th Jan 2008, 12:24
New Member Group

So I downloaded WinZix. Yeah, I'm dumb, I know that now. But I removed it and did a couple of virus scans, using AVG and McAfee. But I got 2 iexplorers open in my Windows Task Manager, and when I close them, or do End Process Tree, Matha~1.exe or RECTBO~1.exe opens for just a second and reopens the iexplorers, and then closes. So yeah, I don't know what to do. But I see a lot of people saying to use HijackThis, so here's my HijackThis log. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan lagret på 1:04:01 PM, on 1/16/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Kjører prosesser:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FELLES~1\McAfee\MNA\mcnasvc.exe
c:\progra~1\FELLES~1\McAfee\mcproxy\mcproxy.exe
C:\progra~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
C:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Svchost.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Ctfmon.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\progra~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\Programfiler\Google\googletoolbar2.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\Programfiler\Google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [bøye logo klokken film] C:\Documents and Settings\All Users\Application Data\Frag Great Bend logo\fire tick.exe
O4 - HKCU\..\Run: [trustlive] C:\DOCUME~1\DANIEL~1\APPLIC~1\RECTLO~1\Math Mags.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SYS
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra sammenheng menyelement: &Google Search - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra sammenheng menyelement: Bakoverkoblinger - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra sammenheng menyelement: Hurtigbufret side - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra sammenheng menyelement: E&ksporter til Microsoft Excel - res://c:\progra~1\micros~3\Office11\EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Lignende sider - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra sammenheng menyelement: Oversett til engelsk - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~3\Office11\REFIEBAR.DLL
O9 - Extra knappen: UltimateBet - (94148DB5-B42D-4915-95DA-2CBB4F7095BF) - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra "Verktøy" MENUITEM: UltimateBet - (94148DB5-B42D-4915-95DA-2CBB4F7095BF) - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra knappen: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C:\Programfiler\AIM\aim.exe
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O9 - Extra knappen: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - c:\progra~1\Yahoo!\Messen~1\YPager.exe
O9 - Extra "Verktøy" MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - c:\progra~1\Yahoo!\Messen~1\YPager.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C:\progra~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C:\progra~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (fil mangler)
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - c:\progra~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\progra~1\FELLES~1\McAfee\MNA\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\progra~1\FELLES~1\McAfee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

#2
16th Jan 2008, 13:02
Moderator Group

Welcome to TCF.

Let's see if we can cure this.

Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and save it to your desktop. Do not use it yet.

---------------

Open HijackThis and choose Do a scan, then place a check mark next to:

O4 - HKLM\..\Run: [bøye logo klokken film] C:\Documents and Settings\All Users\Application Data\Frag Great Bend logo\fire tick.exe
O4 - HKCU\..\Run: [trustlive] C:\DOCUME~1\DANIEL~1\APPLIC~1\RECTLO~1\Math Mags.exe


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

---------------

Double-click OTMoveIt2.exe to launch it.

Make sure there is a check mark next to Unregister Dll's and Ocx's.
  • Copy the two file paths below to the clipboard by highlighting ALL of them.
  • Then right-click and choose Copy.
C:\Documents and Settings\All Users\Application Data\Frag Great Bend logo\fire tick.exe
C:\DOCUME~1\DANIEL~1\APPLIC~1\RECTLO~1\Math Mags.exe
  • Return to OTMoveIt, right-click in the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be shown in the right-hand pane.
  • Copy everything in the Results window to the clipboard by highlighting ALL of it.
  • Then right-click and choose Copy, and paste it into your next reply.
  • When you are finished, click Exit to close the program.
  • Add the log to your next reply.
  • If a file or folder cannot be moved immediately, you may be asked to restart the machine to finish the move process. If you are asked to restart the machine, choose Yes.
  • If a reboot is required, or you had to exit before posting the log, you will find a copy of the log in the root of the drive where OTMoveIt is installed, usually at: C:\_OTMoveIt\MovedFiles\********_******.log
  • (where "********_******" is "date_time")
Click Exit to close OTMoveIt.

---------------

In your next post, please include the OTMoveIt log.
__________________
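
An added example, not part of the original posts and not HijackThis's own logic: a small triage script for the O4 (autorun) lines of a log like the one in post #1. It flags entries whose target sits under a user-writable profile directory, which is where both entries selected for fixing above live. The path heuristic and all function names are assumptions of this example; the sample lines are copied from that log with spacing normalised.

```python
import re

# O4 lines (plus one O2 line as a non-match) copied from the HijackThis log
# in post #1, spacing normalised. Sample input for this example only.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [bøye logo klokken film] C:\Documents and Settings\All Users\Application Data\Frag Great Bend logo\fire tick.exe
O4 - HKCU\..\Run: [trustlive] C:\DOCUME~1\DANIEL~1\APPLIC~1\RECTLO~1\Math Mags.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
"""

# "O4 - HKxx\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)
# "O4 - Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces ("fire tick.exe"), so cut at the first
# executable extension that is followed by whitespace or end of line.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Assumed heuristic: directories a limited user can write to.
WRITABLE_DIRS = ("application data", "local settings", "temp")
# 8.3 short names hide the real folder name, so match their prefixes too.
SHORT_PREFIXES = ("applic~", "locals~")


def target_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def in_user_writable_dir(path):
    """True if any directory component is a known user-writable location."""
    parts = [p.lower() for p in path.split("\\")[:-1]]
    return any(p in WRITABLE_DIRS or p.startswith(SHORT_PREFIXES) for p in parts)


def parse_o4(line):
    """Parse one O4 line into a dict, or return None for any other line."""
    m = RUN_RE.match(line)
    if m:
        source = m["hive"] + "\\" + m["key"]
        return {"source": source, "name": m["name"], "path": target_path(m["cmd"])}
    m = STARTUP_RE.match(line)
    if m:
        return {"source": m["scope"], "name": m["name"], "path": target_path(m["cmd"])}
    return None


def triage(log_text):
    """Return every O4 entry in the log with a 'flagged' verdict attached."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry:
            entry["flagged"] = in_user_writable_dir(entry["path"])
            entries.append(entry)
    return entries


def flagged_names(log_text):
    """Names of the autorun values that deserve a manual look."""
    return [e["name"] for e in triage(log_text) if e["flagged"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "REVIEW" if e["flagged"] else "ok    "
        print(f"{mark} {e['source']:<10} [{e['name']}] {e['path']}")
```

A flag here only means "look at this entry by hand"; legitimate software also starts from profile directories.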

#3
16th Jan 2008, 13:06
Member Group

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll

Is your Windows genuine?

Edit: Evilfantasy beat me to it
#4
16th Jan 2008, 14:01
New Member Group

YAY!! I'm pretty sure it worked. Thanks a lot, but I'm a little uneasy about the file that failed to move.

File flytte mislyktes. C:\Documents and Settings\All Users\Application Data\Frag Great Bend logo\fire tick.exe planlagt å bli flyttet på reboot.
C:\DOCUME~1\DANIEL~1\APPLIC~1\RECTLO~1\Math Mags.exe flyttet korrekt.

OTMoveIt2 v1.0.7 logge opprettet på 01162008_145132

EDIT: I'm pretty sure my Windows is genuine; I got my computer custom-built a few years back.
#5
16th Jan 2008, 14:05
Moderator Group

Did you reboot?


We need to do some more. Usually the infected areas that show up are just the tip of the problem. Let's make sure everything is gone.
Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to update the program definitions, click Yes.
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click Close to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • When the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check mark next to it, then click Next.
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (for example Notepad/Wordpad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File", "Save As".
  • Save the log somewhere you can easily find it (normally the desktop).
  • Click Close, and Close again, to exit the program.
  • Please copy and paste the log into your post.
---------------

Run a new HijackThis scan and post that log too.

---------------

Next post:
SUPERAntispyware log
New HijackThis log
__________________

#6
17th Jan 2008, 02:28
New Member Group

Hey hey, sorry it took so long. I had to work right after my last post.

But here are the logs!!

HijackThis log

Logfile of HijackThis v1.99.1
Scan lagret på 3:26:25 AM, on 1/17/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Kjører prosesser:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FELLES~1\McAfee\MNA\mcnasvc.exe
c:\progra~1\FELLES~1\McAfee\mcproxy\mcproxy.exe
C:\progra~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Ctfmon.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\BitComet\BitComet.exe
C:\Program Files\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\progra~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\Programfiler\Google\googletoolbar2.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\Programfiler\Google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SYS
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra sammenheng menyelement: &Google Search - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra sammenheng menyelement: Bakoverkoblinger - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra sammenheng menyelement: Hurtigbufret side - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra sammenheng menyelement: E&ksporter til Microsoft Excel - res://c:\progra~1\micros~3\Office11\EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Lignende sider - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra sammenheng menyelement: Oversett til engelsk - res://c:\Programfiler\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~3\Office11\REFIEBAR.DLL
O9 - Extra knappen: UltimateBet - (94148DB5-B42D-4915-95DA-2CBB4F7095BF) - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra "Verktøy" MENUITEM: UltimateBet - (94148DB5-B42D-4915-95DA-2CBB4F7095BF) - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra knappen: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C:\Programfiler\AIM\aim.exe
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O9 - Extra knappen: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - c:\progra~1\Yahoo!\Messen~1\YPager.exe
O9 - Extra "Verktøy" MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - c:\progra~1\Yahoo!\Messen~1\YPager.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C:\progra~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C:\progra~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (fil mangler)
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - c:\progra~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\progra~1\FELLES~1\McAfee\MNA\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\progra~1\FELLES~1\McAfee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

And here's my SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/17/2008 at 03:11

Application Version: 3.9.1008

Core Rules Database Version: 3381
Trace Rules Database Version: 1375

Scan type: Complete Scan
Total Scan Time: 04:41:27

Memory eks skannet: 544
Minne trusler oppdages: 0
Register eks skannet: 5928
Registerverdi trusler oppdages: 0
File eks skannet: 173662
Fil trusler oppdages: 71

Adware.Tracking Cookie

Adware.Search2Find
C:\SYSTEM VOLUME INFORMATION\_RESTORE (9ABC731F-C847-4CA4-821A-E6D2ED1D4D39)\RP565\A0305240.EXE

Trojan.Downloader-ConHook
C:\WINDOWS\SYSTEM32\DDAYA.EXE

Trojan.Downloader-Gen/BigTkt
C:\WINDOWS\SYSTEM32\DRVSIPR.DLL

Adware.Vundo Variant/rel
C:\WINDOWS\SYSTEM32\TSTWA.BAK1

Adware.Lop
C:\_OTMOVEIT\MOVEDFILES\01162008_145132\Documents and Settings\All Users\Application Data\frag Great Bend LOGO\FOUR TICK.EXE

#7
17th Jan 2008, 09:00
Moderator Group

The logs look good now. How is the computer?


Time to do some cleanup and secure the work you have done.
  • Click START, then RUN
  • Now type Combofix /u in the Run box
  • Make sure there is a space between Combofix and /u
  • Press Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Let's remove the programs we have used to clean up your computer; they are not suitable for
general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop.

1. Double-click OTMoveIt2.exe to launch it.
2. Click the CleanUp! button.
3. OTMoveIt2 will download from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (the list has been downloaded, do you want to begin the cleanup process?)
  • When finished, exit out of OTMoveIt2.


Check out Keeping Yourself Safe On The Internet for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to keep your computer running smoothly.


Let me know how everything is now.
__________________

#8
17th Jan 2008, 23:52
New Member Group

OK, I did it, but I couldn't do the Combofix thingy. It says Windows can't find it.

And I did OTMoveIt2, and again it said it failed and would do it on startup, but it didn't start on startup.

I would show you the log, but I deleted it because I got pretty scared when you said that someone could accidentally delete something on my comp with it. lol


EDIT: Oh yeah, my computer is back to normal now, but I'm going to check out the "slow computer may not be malware" thread.
BTW thanks a lot, YOU AWESOME person of awesomeness
#9
17th Jan 2008, 23:55
Moderator Group

No problem, I'm sure everything is fine.

Is the computer running OK though?
__________________
