hhanni

Everything posted by hhanni

  1. Hm, I've also gotten one of those viruses; I managed to remove the malware myself. Cecilia, here is a DDS log:

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by gare at 10:06:35,20 on 2010-01-07
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1015.544 [GMT 1:00]

     AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
     AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     C:\WINDOWS\system32\svchost -k rpcss
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\System32\SCardSvr.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program\Java\jre6\bin\jusched.exe
     C:\Program\PC Tools AntiVirus\PCTAV.exe
     C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
     C:\Program\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program\Electronic Arts\EADM\Core.exe
     C:\DOCUME~1\GARE~1\LOKALA~1\Temp\settdebugx.exe
     C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
     C:\DOCUME~1\GARE~1\LOKALA~1\Temp\wscsvc32.exe
     C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program\Bonjour\mDNSResponder.exe
     C:\Program\Java\jre6\bin\jqs.exe
     C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
     C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\Program\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\Program\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program\Internet Explorer\iexplore.exe
     C:\Program\Windows Live\Toolbar\wltuser.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\Documents and Settings\ägare\Skrivbord\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://facebook.se/
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program\bitcomet\tools\BitCometBHO_1.2.8.7.dll
     BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
     BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [EA Core] "c:\program\electronic arts\eadm\Core.exe" -silent
     uRun: [settdebugx.exe] c:\docume~1\gare~1\lokala~1\temp\settdebugx.exe
     uRun: [Malware Defense] "c:\program\malware defense\mdefense.exe" -noscan
     mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe
     mRun: [soundMAX] c:\program\analog devices\soundmax\Smax4.exe /tray
     mRun: [AGRSMMSG] AGRSMMSG.exe
     mRun: [igfxtray] c:\windows\system32\igfxtray.exe
     mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
     mRun: [igfxpers] c:\windows\system32\igfxpers.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"
     mRun: [EPSON Stylus C48 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
     mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
     mRun: [PCTAVApp] "c:\program\pc tools antivirus\PCTAV.exe" /MONITORSCAN
     mRun: [QlbCtrl.exe] c:\program\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
     mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     StartupFolder: c:\docume~1\gare~1\start-~1\program\autost~1\skrmur~1.lnk - c:\program\microsoft office\office12\ONENOTEM.EXE
     StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\widcomm\bluetooth software\BTTray.exe
     IE: &D&ownload &with BitComet - c:\program\bitcomet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - c:\program\bitcomet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - c:\program\bitcomet\BitComet.exe/AddAllLink.htm
     IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000
     IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\widcomm\bluetooth software\btsendto_ie.htm
     IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~2\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL
     LSP: c:\program\delade filer\pc tools\lsp\PCTLsp.dll
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225903211231
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

     ============= SERVICES / DRIVERS ===============

     R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-10 130936]
     R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2008-11-25 21904]
     R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program\pc tools antivirus\PCTAVSvc.exe [2008-11-25 826600]
     R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2008-11-25 28560]
     R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-11-5 88192]

     =============== Created Last 30 ================

     2010-01-07 09:01:13 0 d--h--r- c:\documents and settings\ägare\Recent
     2010-01-07 07:46:51 856 ----a-w- c:\windows\system32\krl32mainweq.dll
     2010-01-07 07:35:25 55056 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-01-03 14:30:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2010-01-03 14:30:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
     2010-01-03 14:29:38 0 d-----w- c:\program\iPod
     2010-01-03 14:29:31 0 d-----w- c:\program\iTunes
     2010-01-03 14:29:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
     2010-01-03 14:28:50 0 d-----w- c:\program\Bonjour
     2010-01-03 14:26:41 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
     2010-01-03 14:26:41 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
     2010-01-03 14:25:43 0 d-----w- c:\program\delade filer\Apple

     ==================== Find3M ====================

     2010-01-07 08:55:18 80260 ----a-w- c:\windows\system32\perfc01D.dat
     2010-01-07 08:55:18 437918 ----a-w- c:\windows\system32\perfh01D.dat
     2010-01-07 08:50:02 4980736 ---ha-w- c:\documents and settings\ägare\NTUSER.DAT
     2009-10-29 07:44:35 916480 ----a-w- c:\windows\system32\wininet.dll
     2009-10-21 05:40:44 75776 ----a-w- c:\windows\system32\strmfilt.dll
     2009-10-21 05:40:44 25088 ----a-w- c:\windows\system32\httpapi.dll
     2009-10-13 10:38:09 270848 ----a-w- c:\windows\system32\oakley.dll
     2009-10-12 13:40:17 79872 ----a-w- c:\windows\system32\raschap.dll
     2009-10-12 13:40:17 150016 ----a-w- c:\windows\system32\rastls.dll
     2008-11-06 11:41:42 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008102720081103\index.dat
     2008-11-06 11:41:42 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008110620081107\index.dat

     ============= FINISH: 10:07:36,96 ===============