
Zlob, Smitfraud, pop-ups, red background changes




  #1  
28th September 2007, 17:13
Donor Group

My name is Tatjana and I'm desperate for help. I've tried almost every virus scanner out there, but no luck. I tried to download the Smitfraud fix, but it could not be saved because "the source does not exist" or "unknown error" .. the same exact problem as this guy: "Well, I get a stupid pop-up that says the PC is under threat, from the taskbar/toolbar, and a big red cross flashes on the taskbar, and my desktop background changes to a red background with a big symbol picture, and Norton can't see this. One of the pop-up bubbles from the taskbar/toolbar says it's trojan32.looksky, and my home page in Internet Explorer has also been changed to ucleaner.com, Ultimate Cleaner 2007, which is a fake spyware scanner/remover thing."
Please help me!
My log:

Logfile of HijackThis v1.99.1
Scan lagret 7:26:18 PM, on 9/28/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programfiler \ Yahoo! \ Yahoo! Musikk Motor \ ymetray.exe
C: \ Programfiler \ Yahoo! \ Antivirus \ CAVTray.exe
C: \ Programfiler \ Yahoo! \ Antivirus \ CAVRID.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Webroot \ Spy Sweeper \ SpySweeperUI.exe
C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Yahoo! \ Antivirus \ ISafe.exe
C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programfiler \ CIFPFiltering \ FilterService.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
C: \ Programfiler \ Eset \ nod32krn.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ Programfiler \ Yahoo! \ Antivirus \ VetMsg.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ Programfiler \ Webroot \ Spy Sweeper \ SpySweeper.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Webroot \ Spy Sweeper \ SSU.EXE
C: \ WINDOWS \ explorer.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ Hijackthis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"), (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"), (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programfiler \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ progra ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [VirusScan Online] c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshld.exe
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programfiler \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Programfiler \ Yahoo! \ Antivirus \ CAVTray.exe"
O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Programfiler \ Yahoo! \ Antivirus \ CAVRID.exe"
O4 - HKLM \ .. \ Run: [YOP] "c: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe" / autostart
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Programfiler \ Eset \ nod32kui.exe" / WAITSERVICE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Programfiler \ Webroot \ Spy Sweeper \ SpySweeperUI.exe" / startintray
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe" stille
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Skuff Icon.lnk = C: \ Programfiler \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programfiler \ Pantone COLORVISION \ Startup ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
O9 - Extra knappen: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klasse) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C: \ WINDOWS \ system32 \ WRLogonNTF.dll
O21 - SSODL: mssql - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - Brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C: \ Programfiler \ Yahoo! \ Antivirus \ ISafe.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Programfiler \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ progra ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Programfiler \ Eset \ nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C: \ Programfiler \ Yahoo! \ Antivirus \ VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Programfiler \ Webroot \ Spy Sweeper \ SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
  #2  
28th September 2007, 17:55
Moderator Group

Hi Tatjana, welcome to TCF.

* Important *
Rename the HijackThis.exe file to Analyze.exe. This is important because some new forms of malware can hide from HijackThis.exe. Right-click the HijackThis.exe file in C:\Program Files\HijackThis and select Rename. Type Analyze.exe and press Enter.
Right-click the Analyze.exe file and send it to the desktop to create a shortcut.
============================
It looks like you have more than one antivirus installed. If so, go to Add/Remove Programs and uninstall all but one.
Having more than one antivirus is unnecessary and can cause conflicts.
============================
Disable Spybot's TeaTimer.
While TeaTimer is an excellent tool for preventing spyware, it can sometimes prevent our tools from fixing things.
Disable TeaTimer for now, until you are clean. TeaTimer can be re-enabled once the logs are clean.
* Open Spybot Search & Destroy.
* In the Mode menu, click "Advanced mode" if it is not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of over-all system settings) active." box.
* In the File menu, click "Exit" to exit Spybot Search & Destroy.
+ You can re-enable TeaTimer when we are done.
=============================
Download ATF Cleaner by Atribune. This will help some scans run faster.
ATF Cleaner.exe
This program does not require installation. The executable itself runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have any cookies you want to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use the Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.

If you use the Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.

Click Exit on the ATF Cleaner main menu to close the program.
===============================
1. Download this file: combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
=====================================

In your next post please add:
Combofix log
A fresh, renamed HijackThis log


__________________

  #3  
28th September 2007, 18:31
Moderator Group

Also:
Let me know how things are now.
__________________

  #4  
29th September 2007, 22:23
Donor Group

Hi evilfantasy, thx for the quick reply .. my computer is running very slowly, and it took hours to post this .. I did what you asked me, uninstalled the antivirus programs: NOD32, Spy Sweeper and Yahoo online protection ..

I attached the ComboFix log, and here is the HijackThis log.



Logfile of HijackThis v1.99.1
Scan lagret 1:11:41 AM, on 9/30/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programfiler \ CIFPFiltering \ FilterService.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programfiler \ Yahoo! \ Yahoo! Musikk Motor \ ymetray.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"), (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"), (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programfiler \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ progra ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programfiler \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe" stille
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Skuff Icon.lnk = C: \ Programfiler \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programfiler \ Pantone COLORVISION \ Startup ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
O9 - Extra knappen: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klasse) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O21 - SSODL: mssql - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fil mangler)
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fil mangler)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - Brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Programfiler \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ progra ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe
Attached files
File Type: txt Tatjana-COMBOFIXLOG.txt (11.2 KB, 69 views)
  #5  
30th Sep 2007, 00:49
Moderator Group

Open HijackThis, choose "Do a scan" and put a check mark next to these entries.
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --

Close all browser windows, including this one, and click "Fix checked".
Restart the computer and post a fresh HijackThis log.

Tell me how things are now.
__________________
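
A triage sketch for the kind of entries selected in the post above, added here as an example and not part of the original thread or of any tool it mentions: it parses two HijackThis logs and flags Internet Explorer settings that changed between them, entries whose target file is absent, and O16 entries with no download source. The two sample logs are constructed from a few lines of the thread's logs with the path spacing normalised, and all function names are assumptions.

```python
import re

# A HijackThis entry line: section code (R0, O2, O16, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers appended when the referenced file is absent. The Norwegian form is
# how the marker appears in this thread's logs.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "(fil mangler)")


def parse_log(text):
    """Return [(code, body)] for entry lines; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def registry_values(entries):
    """Map 'key, value name' -> data for the R0/R1 (Internet Explorer) entries."""
    values = {}
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            name, data = body.split(" = ", 1)
            values[name.strip()] = data.strip()
    return values


def triage(before_text, after_text):
    """Flag entries in the later log that deserve a manual look."""
    old_values = registry_values(parse_log(before_text))
    findings = []
    for code, body in parse_log(after_text):
        if code in ("R0", "R1") and " = " in body:
            name, data = (part.strip() for part in body.split(" = ", 1))
            # Same registry value, different data than in the earlier log.
            if name in old_values and old_values[name] != data:
                findings.append((code, "changed since previous log", body))
        elif body.endswith(ORPHAN_MARKERS):
            findings.append((code, "target file absent", body))
        elif code == "O16" and body.endswith("-"):
            # DPF entry whose source URL field is empty.
            findings.append((code, "no download source recorded", body))
    return findings


# Constructed sample: lines adapted from the first and second logs in the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\Svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klasse) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

if __name__ == "__main__":
    for code, reason, body in triage(BEFORE_LOG, AFTER_LOG):
        print(f"{code:<4} {reason:<30} {body}")
```

The output is a shortlist for a human reviewer; whether an entry is actually fixed remains the helper's decision.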

  #6  
30th Sep 2007, 08:16
Donor Group

Hello, ahh, my computer finally has no annoying windows popping up with warnings, and the three virus scanner icons that were installed on the computer are also gone, yeeeah .. Looks like everything is back to normal, the red background is also gone. Here is the log.


Logfile of HijackThis v1.99.1
Scan lagret 11:03:37, på 9/30/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ Yahoo! \ Yahoo! Musikk Motor \ ymetray.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programfiler \ CIFPFiltering \ FilterService.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"), (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"), (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programfiler \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ progra ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programfiler \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe" stille
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Skuff Icon.lnk = C: \ Programfiler \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programfiler \ Pantone COLORVISION \ Startup ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
O9 - Extra knappen: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klasse) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: mssql - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - Brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Programfiler \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ progra ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe
  #7  
Old 30th Sep 2007, 08:35
Moderator Group

Glad things are better. But there are still some nasties to address.

Delete the copy of Combofix you have, and download a new copy.
Combofix is updated all the time, so it is always good to get a fresh copy.

1. Download this file: combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click Combofix's window while it is running. That may cause it to stall.

In your next post, you can add these as attachments. You can add more than one attachment; just repeat the procedure:
Combofix log
Fresh HJT log
__________________

  #8  
Old 30th Sep 2007, 09:03
Donor Group

Hi, I tried clicking the combofix.exe link, but this is what came up:
404 Not Found

The requested URL '/ ubåter / combofix.exe' was not found on this server.
  #9  
Old 30th Sep 2007, 09:12
Moderator Group

Thanks. I have changed my link.

Here is a good download: Combofix.exe
__________________

  #10  
Old 30th Sep 2007, 12:50
Donor Group

Hello, yes, that link works, thanks... The red background came back :( and so did the icons and pop-up windows... Anyway, here are the Combofix and HJT logs.

Logfile of HijackThis v1.99.1
Scan lagret 3:37:03 PM, on 9/30/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programfiler \ CIFPFiltering \ FilterService.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programfiler \ Yahoo! \ Yahoo! Musikk Motor \ ymetray.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"), (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"), (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ DEFAULT \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programfiler \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programfiler \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programfiler \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programfiler \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ progra ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programfiler \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe" stille
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Skuff Icon.lnk = C: \ Programfiler \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programfiler \ Pantone COLORVISION \ Startup ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ system32 \ WTablet \ TabUserW.exe
O9 - Extra knappen: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer klasse) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O21 - SSODL: mssql - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fil mangler)
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fil mangler)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Programfiler \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programfiler \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - Brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Programfiler \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Programfiler \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programfiler \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ progra ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe

PS I tried attaching the HJT log, but it won't attach, sorry!
Attached Files
File Type: txt combofix-log_FOUR.txt (11.4 KB, 76 views)
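
A way to cross-check the scans in this thread, as an added example that is not part of the original posts: it parses HijackThis entry lines, flags entries whose target file is missing, and lists which entries from the fix list in post #5 appear again in the scan in post #10. The function and class names are hypothetical, and the input is excerpted from the lines quoted on this page with the forum's broken spacing left in.

```python
import re
from typing import List, NamedTuple, Optional

# Entry lines start with a section code: R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# HijackThis prints CLSIDs in braces; the copies on this page show parentheses.
CLSID_RE = re.compile(
    r"[{(]([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})[})]")
# Suffixes marking an entry whose target file is gone ("fil mangler" is the
# translated form that appears in this thread).
ORPHAN_MARKERS = ("(no file)", "(file missing)", "(fil mangler)")

# Fix list from post #5, spacing exactly as on this page.
FIX_LIST = r"""
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
"""

# Excerpt of the scan in post #10, spacing exactly as on this page.
LATER_SCAN = r"""
C: \ WINDOWS \ Explorer.exe
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fil mangler)
O21 - SSODL: mssql - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
"""


class Entry(NamedTuple):
    section: str
    body: str
    clsid: Optional[str]
    orphaned: bool

    @property
    def key(self):
        # The CLSID identifies COM-based entries; other lines compare by content.
        return (self.section, self.clsid or self.body.lower())


def parse(log_text: str) -> List[Entry]:
    """Return the entry lines of a scan, skipping header and process lines."""
    entries = []
    for raw in log_text.splitlines():
        # Undo the forum's reflow: "C: \ WINDOWS \ x.dll" -> "C:\WINDOWS\x.dll".
        line = re.sub(r"\s*\\\s*", lambda m: "\\", raw.strip())
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body").rstrip()
        found = CLSID_RE.search(body)
        orphaned = body.lower().endswith(ORPHAN_MARKERS) or (
            section == "O16" and body.endswith("-"))  # DPF with no source URL
        entries.append(Entry(section, body,
                             found.group(1).upper() if found else None, orphaned))
    return entries


def still_present(fix_list: str, later_scan: str) -> List[Entry]:
    """Entries selected for fixing that show up again in a later scan."""
    later = {e.key for e in parse(later_scan)}
    return [e for e in parse(fix_list) if e.key in later]


if __name__ == "__main__":
    for e in still_present(FIX_LIST, LATER_SCAN):
        print("persisted:", e.section, e.clsid)
    for e in parse(LATER_SCAN):
        if e.orphaned:
            print("target missing:", e.section, e.body)
```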