Marketscore knowl .. - PCHemma

Forum » Virusakuten » AntimalwareGuru hjälper dig! » Marketscore knowl ..

Visa det senaste inlägget

Marketscore knowl .. / av siigge

siigge Registrerad 2008-07-09 Poster: 116 Från N/A
	Rapportera #1 2009-12-01 kl 14:31
	Hej !. Jo, undrar hur jag kan ta bort en trojan som heter Marketscore Relevant Knowledge. Den gick inte att ta bort med Spyboot då svaret blev ( cant create file) "C $:\$ Windows\wininit.ini." F. Securety upptäcker inte det så det kanske inte är något skadligt ?. mvh/siigge

AntimalwareGuru Registrerad 2008-07-09 Poster: 595 Från N/A
	Rapportera #2 2009-12-01 kl 17:47
	Du kan posta en hijackthis logg så ser man om det finns något problem.Spara HJTInstall.exe på skrivbordet >klicka på filen >välj install och klicka på: "do a system scan and save logfile". Posta innehållet från txt filen som visas då.http://www.trendsecure.com/portal/en-US/_downl oad/HJTInstall.exe

siigge Registrerad 2008-07-09 Poster: 116 Från N/A
	Rapportera #3 2009-12-02 kl 11:06
	Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:00:37, on 2009-12-02Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.1882Boot mode: Normal Running processes:C $:\$ Windows\system32\taskeng.exeC $:\$ Windows\s ystem32\Dwm.exeC $:\$ Windows\Explorer.EXEC $:\$ Windows\syst em32\taskeng.exeC $:\$ Program Files\ASUS\EPU-4 Engine\FourEngine.exeC $:\$ Program Files\ASUS\AASP\1.00.67\aaCenter.exeC $:\$ Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXEC $:\$ Windows\RtHDVC pl.exeC $:\$ Program Files\ASUS\AI Suite\AiNap\AiNap.exeC $:\$ Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exeC $:\$ Program Files\RelevantKnowledge lvknlg.exeC $:\$ Windows\system32\wbem\unsecapp.exeC $:\$ Pro gram Files\Internet Explorer\iexplore.exeC $:\$ Program Files\Internet Explorer\iexplore.exeC $:\$ Windows\system32\SearchFilt erHost.exeC $:\$ Windows\system32\SearchProtocolHost.ex eC $:\$ Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = PreserveR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.juicyaccess.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C $:\$ Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C $:\$ Program Files\Real\RealPlayer pbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C $:\$ Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C $:\$ Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C $:\$ Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C $:\$ Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C $:\$ Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C $:\$ Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\ swg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C $:\$ Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C $:\$ Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C $:\$ Program Files\Windows Live\Toolbar\wltcore.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C $:\$ Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C $:\$ Program Files\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [F-Secure Manager] "C $:\$ Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splashO4 - HKLM\..\Run: [F-Secure TNB] "C $:\$ Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSWO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [Skytel] Skytel.exeO4 - HKLM\..\Run: [Ai Nap] "C $:\$ Program Files\ASUS\AI Suite\AiNap\AiNap.exe"O4 - HKLM\..\Run: [QFan Help] "C $:\$ Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"O4 - HKLM\..\Run: [Cpu Level Up help] C $:\$ Program Files\ASUS\AI Suite\CpuLevelUpHelp.exeO4 - HKCU\..\Run: [swg] C $:\$ Program Files\Google\GoogleToolbarNotifier\GoogleToolbarN otifier.exeO4 - HKCU\..\Run: [msnmsgr] "C $:\$ Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ASUS SmartDoctor] C $:\$ Program Files\ASUS\SmartDoctor\SmartDoctor.exe /startO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &ieSpell Options - res://C $:\$ Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Check &Spelling - res://C $:\$ Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: Lookup on Merriam Webster - file://C $:\$ Program Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C $:\$ Program Files\ieSpell\wikipedia.HTMO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C $:\$ Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C $:\$ Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C $:\$ Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C $:\$ Program Files\ieSpell\iespell.dllO9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C $:\$ Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C $:\$ Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C $:\$ Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C $:\$ Program Files\Spybot - Search & Destroy\SDHelper.dllO13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.i nfo.apple.com/QuickTime/qtactivex/qtplugin.cabO16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/downloa d/scanner/sv-se/wlscctrl2.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/g p.cabO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C $:\$ Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C $:\$ Windows\system32\ATKFUSService.exeO23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C $:\$ Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exeO23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C $:\$ Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exeO23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C $:\$ Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exeO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C $:\$ Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C $:\$ Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXEO23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C $:\$ Program Files\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exeO23 - Service: Tjänsten Google Update (gupdate1c9cd8957cc1ab9) (gupdate1c9cd8957cc1ab9) - Google Inc. - C $:\$ Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C $:\$ Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C $:\$ Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NMSAccessU - Unknown owner - C $:\$ Program Files\CDBurnerXP\NMSAccessU.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C $:\$ Windows\system32 vvsvc.exeO23 - Service: PnkBstrA - Unknown owner - C $:\$ Windows\system32\PnkBstrA.exeO23 - Service: RelevantKnowledge - TMRG, Inc. - C $:\$ Program Files\RelevantKnowledge lservice.exeO23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C $:\$ Program Files\Spybot - Search & Destroy\SDWinSec.exeO23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C $:\$ Program Files\NVIDIA Corporation\3D Vision vSCPAPISvr.exe --End of file - 9133 bytes ------------------------------------------------- ------------------------------------------------- ------- Hoppas det blev rätt så. mvh/siigge

AntimalwareGuru Registrerad 2008-07-09 Poster: 595 Från N/A
	Rapportera #4 2009-12-02 kl 17:43
	Vad gäller C $:\$ Windows\wininit.ini så tolkar jag det som att filen inte kan öppnas/skannas men att filen är legitim Gör en snabb scan med Malwarebytes Antimalware, ta bort det som hittas av programmet, posta den loggen som visas då. http://www.malwarebytes.org/mbam/program/mbam-set up.exe

siigge Registrerad 2008-07-09 Poster: 116 Från N/A
	Rapportera #5 2009-12-02 kl 19:49
	Malwarebytes' Anti-Malware 1.41Databasversion: 3279Windows 6.0.6002 Service Pack 2 2009-12-02 19:50:40mbam-log-2009-12-02 (19-50-40).txt Skanningstyp: Fullständig skanning (C $:\$ \|)Antal skannade objekt: 206387Förfluten tid: 34 minute(s), 55 second(s) Infekterade minnesprocesser: 2Infekterade minnesmoduler: 1Infekterade registernycklar: 10Infekterade registervärden: 1Infekterade registerdataposter: 1Infekterade mappar: 1Infekterade filer: 5 Infekterade minnesprocesser:C $:\$ Program Files\RelevantKnowledge lservice.exe (Spyware.MarketScore) -> Unloaded process successfully.C $:\$ Program Files\RelevantKnowledge lvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully. Infekterade minnesmoduler:C $:\$ Program Files\RelevantKnowledge lls.dll (Spyware.MarketScore) -> Delete on reboot. Infekterade registernycklar:HKEY_CURRENT_USER\SOFTWARE\Micros oft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06 178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb- 46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb- 46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Stats\{5617eca9-488d- 4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8- 4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0 cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0 cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Settings\{5617eca9-48 8d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft \Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58 a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78 -4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. Infekterade registervärden:HKEY_CURRENT_USER\SOFTWARE\Microso ft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8 562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. Infekterade registerdataposter:HKEY_CURRENT_USER\SOFTWARE\Mic rosoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://home.juicyaccess.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Infekterade mappar:C $:\$ Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot. Infekterade filer:C $:\$ Program Files\RelevantKnowledge lls.dll (Spyware.MarketScore) -> Delete on reboot.C $:\$ Program Files\RelevantKnowledge lls.dll_old (Spyware.MarketScore) -> Quarantined and deleted successfully.C $:\$ Program Files\RelevantKnowledge loci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.C $:\$ Program Files\RelevantKnowledge lservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.C $:\$ Program Files\RelevantKnowledge lvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.--------- mvh/siigge

AntimalwareGuru Registrerad 2008-07-09 Poster: 595 Från N/A
	Rapportera #6 2009-12-02 kl 20:43
	Härmed bör ditt problem vara åtgärdat

siigge Registrerad 2008-07-09 Poster: 116 Från N/A
	Rapportera #7 2009-12-02 kl 21:53
	Toppen!. Återstår att bocka och buga för hjälpen denna gång. mvh/siigge

Inte inloggad

Logga in Bli medlem

Läs mer

Senaste
Mest läst
Mest kommenterat

Programtips: Apple Safari 5.1.7 (programtips)
Programtips: Tweetdeck 1.4 (programtips)
LG:s första 4G-telefon med HD... (nyheter)
Programtips: Evernote 4.5.6 (programtips)
Programtips: Snapseed 1.1 (programtips)
HP storsatsar med 20 nya datorer (nyheter)
Stänger Microsoft ute Firefox... (nyheter)
Motorola Xoom 2 är här (artiklar)
Lenovo-datorer i miniformat (nyheter)
Dell satsar på Linux - igen (nyheter)

Kom in i diskussionen

Detta innehåll är skapat av PC Hemmas besökare

Test: HP Officejet 4500

1 kommentar

andy1n2: 695 kr är priset denna vecka i vår butik i lilla Köping

Forum

Detta innehåll är skapat av PC Hemmas medlemmar.

hittar inte andra datorer och min NAS i... (Nätverk)
Fick bra hjälp med datorproblem i Göteborg (Öppet forum)
Facebook - Hur gör man för att gå ur? (Övrigt)
Produktnyckel tll XP?? (Windows 95/98/Me/XP/Vista)
Grafikkort Sony Vaio (Grafik och ljud)
Skulle någon hjälpa mig bygga en gaming pc? (Datorer)
Irriterande!!!! Hjälp! (Datorer)
Registret (Öppet forum)
Trådlöst med Telia (Nätverk)
Datorn strular (Datorer)

Tester

Senaste
Mest läst
Mest kommenterat

Test: Intel Core i7-3770K
2012-04-24 20:54
Test: Samsung Galaxy SII LTE I9210
2012-04-23 18:47
Test: Western digital My Book Live duo
2012-04-19 09:36
Test: Compulab Fit-PC3-PRO W7
2012-04-18 13:26
Test: LaCie 5 Big Network V2
2012-04-12 14:46

Artikelkommentarer

Test: HP Officejet 4500
2012-05-11 10:15 Tester 1 kommentarer
Installera en webbkamera
2012-04-30 19:04 Guider 5 kommentarer
Pixma iP4950 - ny fotoskrivare från Canon
2012-04-25 21:03 Nyheter 2 kommentarer
Test: Asus P8Z68-V LX
2012-04-13 13:41 Tester 3 kommentarer
Sony avråder från Android 4
2012-04-07 11:23 Nyheter 9 kommentarer
Test: Apple Ipad
2012-04-06 21:32 Tester 4 kommentarer

© Egmont Tidskrifter