
MSN VIRUS "haha msnmedia.ohost.de/video.php?="


EldRaven


Stupidly, I clicked a link that a friend sent over, and just like that I was stuck. What I've noticed is that when I have MSN open, the program sends out a lot of messages ( http:\\msnmedia.ohost.de/video.php?= ). But it only happens while MSN is running. The whole computer is also running incredibly slowly! I have tried running Ad-Aware in safe mode and also restoring the computer to an earlier restore point.

But it still seems to be there. Can anyone help me get rid of it?

EDIT: removed http:// so that nobody would click ^^

Regards // Sebastian

[post edited 2008-11-25 17:01:53 by EldRaven]


There, I've never understood how HijackThis works or what you can read from it. But here comes the log anyway!

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:19:32, on 2008-11-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\service.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Program\DAEMON Tools Lite\daemon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

E:\Recived\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Service] service.exe

O4 - HKLM\..\Run: [40582a8c] rundll32.exe "C:\WINDOWS\system32\jnwcedeb.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O20 - AppInit_DLLs: thdjco.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

 

--

End of file - 3934 bytes

[/log]

 


 

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and close all programs you can see, including antivirus programs, antispyware programs and the firewall, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions that are shown.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems, e.g. if you have internet via a USB modem or a USB network card. In that case, say so instead of running ComboFix. [/log]

 


[log]ComboFix 08-11-24.03 - Sebastian 2008-11-25 17:36:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.3052 [GMT 1:00]

Running from: e:\recived\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\admintxt.txt

c:\windows\service.exe

c:\windows\system32\bedecwnj.ini

c:\windows\system32\ddcAsrpQ.dll

c:\windows\system32\jnwcedeb.dll

c:\windows\system32\QprsAcdd.ini

c:\windows\system32\QprsAcdd.ini2

c:\windows\system32\ssqPgEts.dll

c:\windows\system32\thdjco.dll

c:\windows\system32\tmrpqlyg.dll

c:\windows\system32\vtUmLBuS.dll

c:\windows\Tasks\aaostanc.job

 

.

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-25 16:36 . 2008-11-25 16:36 <KAT> d-------- c:\program\Lavasoft

2008-11-25 16:35 . 2008-11-25 16:37 <KAT> d-------- c:\windows\system32\NtmsData

2008-11-25 16:35 . 2008-11-25 16:35 <KAT> d-------- c:\program\Delade filer\Wise Installation Wizard

2008-11-25 16:09 . 2008-11-25 16:21 <KAT> d-------- c:\documents and settings\Administratör\Mallar

2008-11-25 16:09 . 2008-11-25 16:21 <KAT> d-------- c:\documents and settings\Administratör\Lokala inställningar

2008-11-25 16:09 . 2008-11-25 16:21 <KAT> d---s---- c:\documents and settings\Administratör

2008-11-25 03:17 . 2008-11-25 16:36 <KAT> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-11-24 16:40 . 2008-11-24 16:40 41,522 --a------ c:\documents and settings\Sebastian\javaplugin.exe

2008-11-23 14:00 . 2008-11-23 14:00 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-22 13:48 . 2008-11-22 14:12 <KAT> d-------- c:\program\Delade filer\Blizzard Entertainment

2008-11-20 20:57 . 2008-11-24 00:11 <KAT> d-------- c:\documents and settings\Sebastian\Application Data\My Games

2008-11-20 20:21 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2008-11-06 00:50 . 2008-11-14 11:37 16 --a------ c:\windows\tetris.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 15:54 --------- d-----w c:\program\Windows Live

2008-11-25 15:25 --------- d-----w c:\documents and settings\Sebastian\Application Data\uTorrent

2008-11-23 13:00 --------- d-----w c:\program\Java

2008-11-20 19:38 --------- d--h--w c:\program\InstallShield Installation Information

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-12 08:58 --------- d-----w c:\program\WinPcap

2008-10-11 16:08 2,829 ----a-w c:\windows\War3Unin.pif

2008-10-11 16:08 139,264 ----a-w c:\windows\War3Unin.exe

2008-10-09 17:22 --------- d-----w c:\documents and settings\Sebastian\Application Data\SPORE

2008-10-09 16:52 --------- d-----w c:\program\DAEMON Tools Toolbar

2008-10-09 15:59 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-09 15:59 --------- d-----w c:\documents and settings\Sebastian\Application Data\DAEMON Tools

2008-10-09 09:12 --------- d-----w c:\documents and settings\Sebastian\Application Data\DivX

2008-10-08 23:07 --------- d-----w c:\documents and settings\Sebastian\Application Data\Hamachi

2008-10-08 15:28 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-10-08 15:28 --------- d-----w c:\program\NOS

2008-10-08 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-10-08 04:25 --------- d-----w c:\program\Delade filer\Adobe AIR

2008-10-08 04:25 --------- d-----w c:\program\Delade filer\Adobe

2008-10-07 15:19 --------- d-----w c:\documents and settings\Sebastian\Application Data\Ventrilo

2008-10-05 18:18 --------- d-----w c:\program\Windows Media Connect 2

2008-10-02 19:37 --------- d-----w c:\documents and settings\Sebastian\Application Data\HLSW

2008-10-01 12:15 --------- d-----w c:\program\Delade filer\Java

2008-10-01 00:49 --------- d-----w c:\documents and settings\Sebastian\Application Data\dvdcss

2008-09-30 14:58 --------- d-----w c:\documents and settings\Sebastian\Application Data\vlc

2008-09-30 01:12 --------- d-----w c:\documents and settings\Sebastian\Application Data\ATI

2008-09-30 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\ATI

2008-09-29 23:26 --------- dcsh--w c:\program\Delade filer\WindowsLiveInstaller

2008-09-29 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-29 18:05 --------- d-----w c:\program\Delade filer\InstallShield

2008-09-29 18:05 --------- d-----w c:\program\ATI Technologies

2008-09-25 20:30 --------- d-----w c:\program\D-Link

2008-09-25 20:30 --------- d-----w c:\documents and settings\Sebastian\Application Data\InstallShield

2008-09-25 18:41 --------- d-----w c:\program\microsoft frontpage

2008-09-25 18:40 --------- d-----w c:\program\Onlinetjänster

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-29 15360]

"DAEMON Tools Lite"="e:\program\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-11-23 136600]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=thdjco.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= e:\program\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Wireless Connection Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Wireless Connection Manager.lnk

backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^XFCE Menu (andLinux).lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\XFCE Menu (andLinux).lnk

backup=c:\windows\pss\XFCE Menu (andLinux).lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 13:11 490952 e:\program\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"s:\\Steam\\steamapps\\eldraven\\day of defeat source\\hl2.exe"=

"s:\\Steam\\steamapps\\eldraven\\counter-strike\\hl.exe"=

"e:\\Program\\uTorrent\\uTorrent.exe"=

"e:\\Program\\HLSW\\hlsw.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"s:\\Starcraft\\starcraft.exe"=

"s:\\Warcraft III\\war3.exe"=

"\\\\192.168.0.101\\spel (S)\\Starcraft\\Starcraft.exe"=

"s:\\Steam\\steamapps\\eldraven\\team fortress 2\\hl2.exe"=

"e:\\Program\\ratiomaster\\RatioMaster.exe"=

"s:\\Sid Meier's Civilization 4\\Civilization4.exe"=

"s:\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"s:\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"s:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=

"s:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"81:TCP"= 81:TCP:81 - TCP

"81:UDP"= 81:UDP:81 - UDP

 

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2008-09-25 57376]

R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-09-25 57344]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\DRIVERS\tap0801co.sys [2008-09-29 25856]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{6e85f7a4-f41c-43f6-adf4-31cf06b92032} - c:\windows\system32\thdjco.dll

BHO-{7FC793E3-2599-4E31-9806-1E7BFF68F894} - c:\windows\system32\vtUmLBuS.dll

BHO-{9E1971C8-46FA-40A3-B184-F31548C06A69} - c:\windows\system32\ddcAsrpQ.dll

ShellExecuteHooks-{7FC793E3-2599-4E31-9806-1E7BFF68F894} - c:\windows\system32\vtUmLBuS.dll

MSConfigStartUp-MsnMsgr - c:\program\Windows Live\Messenger\MsnMsgr.Exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Sebastian\Application Data\Mozilla\Firefox\Profiles\x1wdott6.default

FF -: plugin - c:\program\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - e:\program\VideoLAN\VLC\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 17:38:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program\Lavasoft\Ad-Aware\aawservice.exe

c:\program\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Completion time: 2008-11-25 17:39:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-25 16:39:36

 

Pre-Run: 43 800 772 608 byte ledigt

Post-Run: 43,888,549,888 byte ledigt

 

175 --- E O F --- 2008-11-16 14:04:29

[/log]

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:09:26, on 2008-11-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Program\DAEMON Tools Lite\daemon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program\Mozilla Firefox\firefox.exe

E:\Recived\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O20 - AppInit_DLLs: thdjco.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

 

--

End of file - 3545 bytes[/log]

 


 

[log]Scan with Hijack, tick the following lines, close the web browser and click Fix checked

O20 - AppInit_DLLs: thdjco.dll

after that it should be OK according to the logs.

If you have no antivirus + firewall, install a free version of both.[/log]
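
An added example, not part of the original thread: a short Python check that shows why `O20 - AppInit_DLLs: thdjco.dll` is the line left to fix. It cross-references HijackThis entries against the files ComboFix lists under "Other Deletions" and reports autostart entries that still name a deleted file. The function names are hypothetical, and the sample lines are excerpts from the logs posted above, not complete logs.

```python
import ntpath
import re

# Excerpts from the logs posted in this thread (not the complete logs).
COMBOFIX_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\service.exe
c:\windows\system32\jnwcedeb.dll
c:\windows\system32\thdjco.dll
c:\windows\Tasks\aaostanc.job
.
((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))
2008-11-23 14:00 . 2008-11-23 14:00 410,976 --a------ c:\windows\system32\deploytk.dll
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Service] service.exe
O4 - HKLM\..\Run: [40582a8c] rundll32.exe "C:\WINDOWS\system32\jnwcedeb.dll",b
O20 - AppInit_DLLs: thdjco.dll
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: thdjco.dll
"""

ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")  # e.g. "O4 - ...", "R1 - ..."
FILE_RE = re.compile(r'[^\s"\\/:,\[\]]+\.(?:exe|dll|job|ini|sys)\b', re.I)


def deleted_files(combofix_log):
    """Lowercase basenames of files listed under ComboFix 'Other Deletions'."""
    names, in_section = set(), False
    for line in combofix_log.splitlines():
        line = line.strip()
        if line.startswith("(("):  # section banner: enter or leave the list
            in_section = "Other Deletions" in line
        elif in_section and re.match(r"^[a-z]:\\", line, re.I):
            names.add(ntpath.basename(line).lower())
    return names


def hjt_entries(hjt_log):
    """Yield (code, line, referenced file basenames) for each HijackThis entry."""
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), line.strip(), {f.lower() for f in FILE_RE.findall(m.group(2))}


def leftover_references(hjt_log, combofix_log):
    """Entries that still name a file ComboFix deleted.

    Matching is by basename only, so treat a hit as a lead to verify,
    not as proof that the entry is malicious.
    """
    gone = deleted_files(combofix_log)
    return [(code, line) for code, line, files in hjt_entries(hjt_log) if files & gone]


if __name__ == "__main__":
    for label, log in (("before ComboFix", HJT_BEFORE), ("after ComboFix", HJT_AFTER)):
        print(label)
        for code, line in leftover_references(log, COMBOFIX_LOG):
            print("  ", line)
```

On the excerpts, the log taken before ComboFix yields the two `O4` Run entries and the `O20` entry; the log taken afterwards yields only the `O20` line, a registry value that still points at a DLL that no longer exists.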

 
