Gå til innhold

» Data » IKT-drift og sikkerhet

[LØST] Hjelp til å fjerne malware (med logger)

fjellrypa

Av fjellrypa
11. september 2008 i IKT-drift og sikkerhet

Anbefalte innlegg

fjellrypa

fjellrypa

Skrevet 11. september 2008

- Del

Skrevet 11. september 2008 (endret)

Jeg har hatt MS Antivirus 2008 på maskinen, og tross mange runder med diverse anti-malware har jeg ikke blitt kvitt det. Når har jeg fulgt "oppskriften" i en av postene her, og har generert følgende logger:

Malwarebytes

alwarebytes' Anti-Malware 1.28

Database versjon: 1137

Windows 5.1.2600 Service Pack 3

11.09.2008 06:38:14

mbam-log-2008-09-11 (06-38-14).txt

Skanntype: Rask Skann

Objekter skannet: 42668

Tid tilbakelagt: 36 minute(s), 9 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

Combofix:

ComboFix 08-09-10.02 - e 2008-09-11 7:21:32.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.204 [GMT 2:00]

Running from: C:\Documents and Settings\e\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\actskn43.ocx

C:\xcrashdump.dat

.

((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))

.

2008-09-11 07:16 . 2008-09-11 07:16 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-09-10 23:49 . 2008-09-11 06:39 <DIR> dr-h----- C:\Documents and Settings\e\Siste

2008-09-10 23:28 . 2008-09-10 23:34 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-08 17:05 . 2008-09-11 06:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-09-08 17:05 . 2008-09-08 17:05 1,409 --a------ C:\WINDOWS\QTFont.for

2008-09-07 21:30 . 2008-09-11 00:11 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-07 21:30 . 2008-09-07 21:30 <DIR> d-------- C:\Documents and Settings\e\Programdata\Malwarebytes

2008-09-07 21:30 . 2008-09-07 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-07 21:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-07 21:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-26 21:03 . 2008-08-26 21:03 <DIR> d-------- C:\Documents and Settings\e\Programdata\Lavasoft

2008-08-26 20:58 . 2008-09-11 03:31 <DIR> d-------- C:\Programfiler\Spyware Doctor

2008-08-26 20:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Webroot

2008-08-26 20:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\e\Programdata\PC Tools

2008-08-26 20:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-08-26 20:58 . 2008-09-09 21:25 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-26 20:58 . 2008-09-09 21:25 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-26 20:58 . 2008-09-09 21:25 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-26 20:58 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-26 20:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-08-26 20:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-08-26 20:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Programfiler\Webroot

2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)

2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Documents and Settings\e\Programdata\Webroot

2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Webroot

2008-08-26 20:57 . 2008-08-26 20:57 164 --a--c--- C:\install.dat

2008-08-26 20:55 . 2008-08-26 20:57 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-26 20:55 . 2008-08-26 20:55 <DIR> d-------- C:\Programfiler\Lavasoft

2008-08-26 20:55 . 2008-08-27 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-26 20:54 . 2008-08-27 10:42 <DIR> d-------- C:\Programfiler\SpywareBlaster

2008-08-26 20:54 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-08-26 20:50 . 2008-08-26 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Prevx

2008-08-26 20:42 . 2008-08-26 20:42 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-08-26 20:42 . 2008-08-27 18:06 <DIR> d-------- C:\Programfiler\Hitman Pro

2008-08-25 23:20 . 2008-08-27 10:22 <DIR> d-------- C:\Programfiler\Enigma Software Group

2008-08-24 21:04 . 2008-09-11 07:16 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-08-22 22:50 . 2008-08-22 22:50 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP

2008-08-22 21:20 . 2008-08-22 21:20 <DIR> d-------- C:\Programfiler\Windows Sidebar

2008-08-22 21:19 . 2008-08-23 08:13 <DIR> d-------- C:\Programfiler\Norton 360 Premier Edition

2008-08-22 21:17 . 2008-08-22 22:35 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-22 21:17 . 2008-08-22 22:35 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-22 21:17 . 2008-08-22 22:35 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-08-22 21:17 . 2008-08-22 22:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-08-22 21:16 . 2008-08-22 22:35 <DIR> d-------- C:\Programfiler\Symantec

2008-08-22 21:10 . 2008-09-11 07:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-22 21:07 . 2008-08-22 22:44 <DIR> d-------- C:\Documents and Settings\e\Programdata\Symantec

2008-08-22 21:01 . 2008-08-22 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2008-08-14 15:51 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-14 15:50 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-30 18:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-08-13 20:55 --------- d-----w C:\Programfiler\dl_Cats

2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll

2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]

@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"

[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]

2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]

@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"

[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]

2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]

@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"

[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]

2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]

"MMTray"="C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 114688]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]

"HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [2003-01-30 311296]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 178312]

"Norman ZANDA"="C:\Norman\NVC\BIN\ZLH.EXE" [2003-11-27 90112]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 267064]

"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-18 51048]

"osCheck"="C:\Programfiler\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]

"ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-09-09 1168264]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-02-02 C:\WINDOWS\SOUNDMAN.EXE]

"PCTVOICE"="pctspk.exe" [2003-11-07 C:\WINDOWS\system32\pctspk.exe]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-10-31 169472]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\dlcfcoms.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]

R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2004-01-06 72064]

S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2003-01-30 18864]

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-mmtask - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.aftenposten.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = <local>

O15 -: Trusted Zone: stella.unimicro.no

O16 -: {326D11F0-549E-41B7-97FE-4406A8DCB431} - hxxps://stella.unimicro.no/apps/van/7MVanClient.cab

C:\WINDOWS\Downloaded Program Files\SMSProxy.inf

C:\WINDOWS\Downloaded Program Files\SMSProxy.dll

O16 -: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} - hxxps://stella.unimicro.no/apps/sso/7MSSOAx.cab

C:\WINDOWS\Downloaded Program Files\SMSSSOAx.inf

C:\WINDOWS\Downloaded Program Files\SMSSSOAx.dll

O16 -: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} - hxxp://eurofoto.no/activex/ImageUploader3.cab

C:\WINDOWS\Downloaded Program Files\ImageUploader3.inf

C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-11 07:31:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-11 7:35:22

ComboFix-quarantined-files.txt 2008-09-11 05:35:15

Pre-Run: 10,071,863,296 byte ledig

Post-Run: 10,071,539,712 byte ledig

195 --- E O F --- 2008-09-11 01:00:42

HiJAckThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:00, on 11.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\dlcfcoms.exe

C:\Norman\NVC\BIN\Zanda.exe

C:\Programfiler\Spyware Doctor\pctsAuxs.exe

C:\Programfiler\Spyware Doctor\pctsSvc.exe

C:\Programfiler\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\hphmon03.exe

C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Norman\NVC\BIN\ZLH.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Logitech\MouseWare\system\em_exec.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Programfiler\Java\jre1.5.0_12\bin\jucheck.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\e\Skrivebord\Tredje.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenposten.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\NVC\BIN\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360 Premier Edition\osCheck.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://adsl.online.no

O15 - Trusted Zone: stella.unimicro.no

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {326D11F0-549E-41B7-97FE-4406A8DCB431} (SMSProxy Object) - https://stella.unimicro.no/apps/van/7MVanClient.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lau-henriksen.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lau-henriksen.spaces.live.com/Photo...ad/MsnPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://stella.unimicro.no/apps/ts/msrdp.cab

O16 - DPF: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} (SSOAx Object) - https://stella.unimicro.no/apps/sso/7MSSOAx.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 10896 bytes

Er jeg kvitt alt nå, eller hva skal jeg gjøre videre?

Endret 12. september 2008 av fjellrypa

Lenke til kommentar

Videoannonse

Annonse

r2d290

r2d290

Skrevet 11. september 2008

- Del

Skrevet 11. september 2008 (endret)

Det ser ut til at du har, eller har hatt to antivirusprogrammer: norton og norman. Bestem deg for å beholde et av dem, og avinstaller det andre... Å ha to sanntids-beskyttende program samtidig, kan føre til uønskede konflikter, og hvert av programmene kan begynne å fungere dårligere.

spysweeper, spywaredoctor og spyware s&d kan du avinstallere fra legg til/fjern programmer. Malwarebytes antimalware gjør en god nok jobb

Du bør oppdatere Java

Det er viktig å bruke den seneste versjonen av Java, siden tidligere versjoner kan inneholde sikkerhetshull som vil øke sansynligheten for at du

blir infisert igjen. Det ser ut til at din verjson av Java er utdatert

Oppdatere Java:

Trykk på følgende link, og last ned nyeste versjon av Java:http://java.com/en/download/index.jsp

[*]Gå til Start > Kontrollpanel > Legg til/fjern programmer.

[*]Søk i listen over alle tidligere versjoner av Java (JRE, J2SE Runtime, J2RE osv.... )

Alle disse versjonene bør ha dette bildet foran:

Velg alle du finner, og trykk på Fjern

[*]Deretter installerer du den Java-versjonen som du lastet ned i starten.

Fortell hvordan det gikk med oppdateringen, da problemer med oppdatering kan indikere flere malware på systemet ditt.

Start HijackThis

Velg: Do a systemscan only

Sett en hake i boksene foran disse linjene:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Avslutt alle vinduer (utenom HijackThis) og nettlesere (også dette du leser fra), og trykk Fix checked.

Merk: Hvis du blir spurt om å bekrefte å fikse en linje, bekrefter du dette.

Deretter avslutter du HijackThis, restarter maskinen, og lager en ny logg:

Start HijackThis

Velg: Do a systemscan, and save a logfile

Post denne loggen i din neste post.

Endret 11. september 2008 av r2d290

Lenke til kommentar

fjellrypa

fjellrypa

Skrevet 12. september 2008

Forfatter

- Del

Skrevet 12. september 2008

Takk for tips. Da har jeg prøvd å følge instruksjonene dine, r2d290. Jeg har problemer med å få slettet Norman. Går inn via kontrollpanel og fjern/endre, men når jeg velger Norman og trykker på knappen der det står fjern/endre så skjer det absolutt ingenting. De andre programmene fikk jeg fjernet uten problem

Jeg er også litt usikker på om den nye Java-versjonen ble korrekt installert. Fikk ingen feilmeldinger, i alle fall.

Her er den nye HJT loggen:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:14:42, on 12.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\dlcfcoms.exe

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programfiler\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\hphmon03.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Norman\NVC\BIN\ZLH.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\e\Skrivebord\Tredje.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenposten.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\NVC\BIN\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360 Premier Edition\osCheck.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://adsl.online.no

O15 - Trusted Zone: stella.unimicro.no

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {326D11F0-549E-41B7-97FE-4406A8DCB431} (SMSProxy Object) - https://stella.unimicro.no/apps/van/7MVanClient.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lau-henriksen.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lau-henriksen.spaces.live.com/Photo...ad/MsnPUpld.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://stella.unimicro.no/apps/ts/msrdp.cab

O16 - DPF: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} (SSOAx Object) - https://stella.unimicro.no/apps/sso/7MSSOAx.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 9545 bytes

Lenke til kommentar

r2d290

r2d290

Skrevet 12. september 2008

- Del

Skrevet 12. september 2008

Prøv denne veiledningen for å avinstallere norman: http://www.norman.com/Support/Knowledge_ba...ion/11640/en-us

Altså punkt nr. 2

Java ble oppdatert, og filene jeg nevnte, er nå ryddet vekk.

Merker du noen fler problemer med maskinen?

Lenke til kommentar

fjellrypa

fjellrypa

Skrevet 12. september 2008

Forfatter

- Del

Skrevet 12. september 2008

Da er Norman også borte! :yes:

Jeg merker ingen helt konkrete problemer, men synes fortsatt at ting går litt tregt. Det kan i og for seg bare være det trådløse nettet, det er i alle fall mye bedre enn det var.

Tusen hjertlig takk for hjelpen!

Lenke til kommentar

r2d290

r2d290

Skrevet 12. september 2008

- Del

Skrevet 12. september 2008 (endret)

Hvis maskinen i seg selv går tregt, er det diverse ting som kan gjøres. Hvis det er nettsurfing trådløst som går tregt, kan du se om det er raskere hvis du kopler deg til med tråd, eller sammenlikne nett-hastigheten med andre trådløse pc-er som er like langt unna routeren...

Gi tilbakemelding hvis du vil ha mer info om litt småpuss på pc-en

Combofix må avinstalleres.

Gå til Start > Kjør

Skriv følgende i boksen:

combofix /u

PS: legg merke til mellomrommet mellom X og /u

Trykk Enter.

Denne kommandoen vil:

Fjerne følgende:
- ComboFix og dets tilhørende filer og mapper.
  VundoFix backups, hvis de eksisterer.
  Mappen C:\Deckard, hvis den eksisterer
  Mappen C:\OtMoveIt, hvis den eksisterer
[*] Nullstille klokke-instillingene.

[*] Skjule filetternavn hvis det er nødvendig.

[*] Skjule System/Skjulte filer og mapper hvis det er nødvendig.

[*] Nullstille systemgjennoprettingspunkter.

Du kan avinstallere HijackThis:

Start HijackThis, velg None of the above, just start the program.

Så trykker du på Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. Programmet er nå avinstallert.

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du:

[LØST]

foran emnetittelen din.

Eks: [LØST] Har fått virus på maskinen

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

-Surf trygt-

Endret 12. september 2008 av r2d290

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå

Gå til emneliste

Populær nå
- Skal man selv avbryte sykemelding om man blir bedre under sykemelding? Selv om arbeidsgiver er grunnen 1 2
  
  Av Gjest b7a66...cc2, 15 timer siden i Jobb og karriere
  - 38 svar
  - 587 visninger
- Marius Borg Høiby og vold 1 2 3 4 66
  
  Av Gargantua, 15. august i Media
  - 1 301 svar
  - 63 922 visninger
Hvem er aktive 0 medlemmer
- Ingen innloggede medlemmer aktive

×

×

Opprett ny...