
A popup virus




  #1  
31st Jan 2008 05:25
New Member Group

I keep getting this box appearing when I go through something like My Documents or Computer etc. ... It also appears when I use IE, but not when I use Firefox. I have used several programs and it is still there. Could it be a rootkit (hope not).



My logs:

ESET Online Scanner
# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2836 (20080130)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 86fa0ec02340bf40b27cfd3ccc323dee
# End = ferdig
# Remove_checked = sant
# Unwanted_checked = sant
# Utc_time = 2008-01-31 02:29:31
# Local_time = 2008-01-31 02:29:31 (+0000 GMT Standard Time)
# Landet = "Storbritannia"
# OSVer = 6.0.6000 NT
# Skannet = 306177
# Funnet = 0
# Scan_time = 8875

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/31/2008 at 02:32

Application Version: 3.9.1008

Core Rules Database Version: 3391
Trace Rules Database Version: 1383

Scan type: Complete Scan
Total Scan Time: 02:21:07

Minne eks skannet: 834
Minne trusler oppdages: 0
Registerelementene skannet: 7637
Registerverdi trusler oppdages: 0
Fil eks skannet: 66364
Fil trusler oppdages: 6

Adware.Tracking Cookie
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@tribalfusion[2].Txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@adopt.euroclick[2].Txt

Trojan.Media-Codec/V5-Intaller
C:\Users\CHRIS\Skrivebord\INSTALL_PLAYER_3912994 (2).EXE
C:\Users\CHRIS\Skrivebord\INSTALL_PLAYER_3912994.EXE
C:\Windows\Prefetch\INSTALL_PLAYER_3912994 (2).EXE-03357FA6.pf
C:\Windows\Prefetch\INSTALL_PLAYER_3912994.EXE-9E95D8EF.pf

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 12:05:19, on 31/01/2008
Plattform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Kjører prosesser:
C:\Windows\System32\smss.exe
C:\Windows\system32\Csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\Csrss.exe
C:\Windows\system32\Services.exe
C:\Windows\system32\Lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Winlogon.exe
C:\Windows\system32\Svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\wpf\PresentationFontCache.exe
C:\Windows\system32\Svchost.exe
C:\Windows\System32\Svchost.exe
C:\Windows\System32\Svchost.exe
C:\Windows\System32\Svchost.exe
C:\Windows\system32\Svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Svchost.exe
C:\Windows\system32\Svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\Spoolsv.exe
C:\Windows\system32\Svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programfiler\TOSHIBA\Power Saver\TPwrMain.exe
C:\Programfiler\TOSHIBA\SmoothView\SmoothView.exe
C:\Programfiler\TOSHIBA\FlashCards\TCrdMain.exe
C:\Programfiler\a-kvadrerte Anti-Malware\a2service.exe
C:\Windows\system32\agrsmsvc.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\Svchost.exe
C:\Windows\system32\Svchost.exe
C:\Windows\system32\TODDSrv.exe
C:\Programfiler\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\Svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Programfiler\TOSHIBA\Utilities\KeNotify.exe
C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programfiler\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Programfiler\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\a-kvadrerte Anti-Malware\a2guard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Programfiler\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fantastic Flame Screensaver\FantasticFlameAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Programfiler\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Microsoft Office\Office11\Winword.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Programfiler\PrevxCSI\prevxcsi.exe
C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\Svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programfiler\Trend Micro\HijackThis\Sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/audio/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - c:\progra~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\progra~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Player - (83FD1F86-B40A-41EE-8512-929F005ED2A8) - C:\Windows\orgnavi.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - c:\progra~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Programfiler\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programfiler\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programfiler\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe -oppstart
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [NvSvc] rundll32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] rundll32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Programfiler\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\progra~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -oppstart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a-kvadrerte] "C:\Programfiler\a-kvadrerte Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [PrevxCSI] "C:\Programfiler\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autorun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Programfiler\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O8 - Extra sammenheng menyelement: E&ksporter til Microsoft Excel - res://c:\progra~1\micros~3\Office11\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~3\Office12\ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S&end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~3\Office12\ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~3\Office11\REFIEBAR.DLL
O9 - Extra knappen: eBay - (C08CAF1D-C0A3-40D5-9970-06D067EAC017) -- http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (fil mangler)
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C:\progra~1\Spybot~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter klasse) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown klasse) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D4323BF2-006A-4440-A2F5-27E3E7AB25F8) (Virtools WebPlayer klasse) -- http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: A-kvadrerte Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programfiler\a-kvadrerte Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Programfiler\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14403 bytes

I'll add a couple of the logs from other programs too:

A-squared

a-kvadrerte Anti-Malware - Versjon 3.1
Sist oppdatert: 31/01/2008 01:16:41

Scan innstillinger:

Objects: Memory, spor, Cookies, C:\, E:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 31/01/2008 01:46:59

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:43 oppdaget: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:72 oppdaget: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:80 oppdaget: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:161 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:162 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:167 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:181 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:210 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:282 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:283 oppdages: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:338 oppdages: Trace.TrackingCookie
C:\Programfiler\DarkandLight\Launcher.exe oppdaget: Trojan-Spy.Win32.Banker.gez

Skannet

Files: 160756
Spor: 296173
Cookies: 381
Prosesser: 87

Fant

Filer: 1
Spor: 0
Cookies: 11
Prosesser: 0
Registernøkler: 0

Scan end: 31/01/2008 04:13:41
Scan time: 2:26:42

C:\Programfiler\DarkandLight\Launcher.exe slettet: Trojan-Spy.Win32.Banker.gez
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:43 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:72 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:80 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:161 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:162 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:167 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:181 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:210 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:282 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:283 slettet: Trace.TrackingCookie
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiler\xqe1wgaj.default\cookies.txt:338 slettet: Trace.TrackingCookie

slettet:

Filer: 1
Spor: 0
Cookies: 11

When using Spybot S&D I keep getting the same problem

  #2  
31st Jan 2008 08:24
Moderator Group

Welcome to TCF.


Download SmitfraudFix (by S!Ri) to your Desktop.
  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on your Desktop.

PLEASE read all of these instructions before doing anything. Ask any questions you may have before starting.

You should print out these instructions, or copy and paste them into Notepad and save it to your Desktop, as you will not be able to see this page in Safe Mode.
  • Please reboot your computer in Safe Mode by pressing F8 before Windows begins to load and selecting Safe Mode.
  • Open the SmitfraudFix folder on your Desktop, then double-click the smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and pressing Enter.
  • The program will start cleaning your machine and go through a series of cleanup processes. Wait for the tool to complete and for Disk Cleanup to finish.
    • This process may take some time depending on your computer, so please be patient.
  • When it has completed, it will close automatically and you must continue with the next step.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and pressing Enter.
  • The tool will also check whether wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file.
  • Answer Yes to the question "Replace infected file?" by typing Y and pressing Enter.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested steps:
  • To restore the Trusted and Restricted site zones, select 3 and press Enter.
  • You will be prompted: Restore Trusted Zone? Answer Y (yes) and press Enter to delete the trusted zone.
  • Now reboot in normal mode and post this new rapport.txt in your next post.
  • WARNING: Running this option on a non-infected computer will remove your desktop background. So only run it once!
----------

Next, run a new HijackThis scan and post the log.

----------

In your next post, please include:
SmitfraudFix log
New HijackThis log

Copyright © 2006 - 2009 Computer Juice.
