fjellrypa Posted 11 September 2008 (edited)

I have had MS Antivirus 2008 on my machine, and despite many rounds with various anti-malware tools I have not been able to get rid of it. Now I have followed the "recipe" in one of the posts here, and have generated the following logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.28
Database versjon: 1137
Windows 5.1.2600 Service Pack 3
11.09.2008 06:38:14
mbam-log-2008-09-11 (06-38-14).txt
Skanntype: Rask Skann
Objekter skannet: 42668
Tid tilbakelagt: 36 minute(s), 9 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

Combofix:

ComboFix 08-09-10.02 - e 2008-09-11 7:21:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.204 [GMT 2:00]
Running from: C:\Documents and Settings\e\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\actskn43.ocx
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.
2008-09-11 07:16 . 2008-09-11 07:16 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-09-10 23:49 . 2008-09-11 06:39 <DIR> dr-h----- C:\Documents and Settings\e\Siste
2008-09-10 23:28 .
2008-09-10 23:34 <DIR> d-------- C:\Programfiler\CCleaner 2008-09-08 17:05 . 2008-09-11 06:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-08 17:05 . 2008-09-08 17:05 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-07 21:30 . 2008-09-11 00:11 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-09-07 21:30 . 2008-09-07 21:30 <DIR> d-------- C:\Documents and Settings\e\Programdata\Malwarebytes 2008-09-07 21:30 . 2008-09-07 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-09-07 21:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-07 21:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-26 21:03 . 2008-08-26 21:03 <DIR> d-------- C:\Documents and Settings\e\Programdata\Lavasoft 2008-08-26 20:58 . 2008-09-11 03:31 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-08-26 20:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Webroot 2008-08-26 20:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\e\Programdata\PC Tools 2008-08-26 20:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2008-08-26 20:58 . 2008-09-09 21:25 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-26 20:58 . 2008-09-09 21:25 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-26 20:58 . 2008-09-09 21:25 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-26 20:58 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-26 20:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2008-08-26 20:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2008-08-26 20:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Programfiler\Webroot 2008-08-26 20:57 . 
2008-08-26 20:57 <DIR> d-------- C:\Programfiler\TeaTimer (Spybot - Search & Destroy) 2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Documents and Settings\e\Programdata\Webroot 2008-08-26 20:57 . 2008-08-26 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Webroot 2008-08-26 20:57 . 2008-08-26 20:57 164 --a--c--- C:\install.dat 2008-08-26 20:55 . 2008-08-26 20:57 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-08-26 20:55 . 2008-08-26 20:55 <DIR> d-------- C:\Programfiler\Lavasoft 2008-08-26 20:55 . 2008-08-27 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-08-26 20:54 . 2008-08-27 10:42 <DIR> d-------- C:\Programfiler\SpywareBlaster 2008-08-26 20:54 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-08-26 20:50 . 2008-08-26 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Prevx 2008-08-26 20:42 . 2008-08-26 20:42 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2008-08-26 20:42 . 2008-08-27 18:06 <DIR> d-------- C:\Programfiler\Hitman Pro 2008-08-25 23:20 . 2008-08-27 10:22 <DIR> d-------- C:\Programfiler\Enigma Software Group 2008-08-24 21:04 . 2008-09-11 07:16 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-08-22 22:50 . 2008-08-22 22:50 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP 2008-08-22 21:20 . 2008-08-22 21:20 <DIR> d-------- C:\Programfiler\Windows Sidebar 2008-08-22 21:19 . 2008-08-23 08:13 <DIR> d-------- C:\Programfiler\Norton 360 Premier Edition 2008-08-22 21:17 . 2008-08-22 22:35 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-08-22 21:17 . 2008-08-22 22:35 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-08-22 21:17 . 2008-08-22 22:35 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-08-22 21:17 . 2008-08-22 22:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-08-22 21:16 . 
2008-08-22 22:35 <DIR> d-------- C:\Programfiler\Symantec 2008-08-22 21:10 . 2008-09-11 07:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2008-08-22 21:07 . 2008-08-22 22:44 <DIR> d-------- C:\Documents and Settings\e\Programdata\Symantec 2008-08-22 21:01 . 2008-08-22 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2008-08-14 15:51 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-14 15:50 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-30 18:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-08-13 20:55 --------- d-----w C:\Programfiler\dl_Cats 2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll 2008-06-13 
12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] @="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872] "MMTray"="C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 114688] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608] "HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [2003-01-30 311296] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520] "Telenor Online Start"="C:\Programfiler\Telenor\Online 
Start\Telenor.exe" [2006-11-30 178312] "Norman ZANDA"="C:\Norman\NVC\BIN\ZLH.EXE" [2003-11-27 90112] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 267064] "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-18 51048] "osCheck"="C:\Programfiler\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512] "ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-09-09 1168264] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] "SoundMan"="SOUNDMAN.EXE" [2004-02-02 C:\WINDOWS\SOUNDMAN.EXE] "PCTVOICE"="pctspk.exe" [2003-11-07 C:\WINDOWS\system32\pctspk.exe] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-10-31 169472] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.DVSD"= pdvcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\system32\\dlcfcoms.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe [2008-02-18 149352] R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888] R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2004-01-06 72064] S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2003-01-30 18864] *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKLM-Run-mmtask - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,Start Page = hxxp://www.aftenposten.no/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R1 -: HKCU-Internet Settings,ProxyOverride = <local> O15 -: Trusted Zone: stella.unimicro.no O16 -: {326D11F0-549E-41B7-97FE-4406A8DCB431} - hxxps://stella.unimicro.no/apps/van/7MVanClient.cab C:\WINDOWS\Downloaded Program Files\SMSProxy.inf C:\WINDOWS\Downloaded Program Files\SMSProxy.dll O16 -: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} - hxxps://stella.unimicro.no/apps/sso/7MSSOAx.cab C:\WINDOWS\Downloaded Program Files\SMSSSOAx.inf C:\WINDOWS\Downloaded Program Files\SMSSSOAx.dll O16 -: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} - hxxp://eurofoto.no/activex/ImageUploader3.cab C:\WINDOWS\Downloaded Program Files\ImageUploader3.inf C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-11 07:31:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-09-11 7:35:22 ComboFix-quarantined-files.txt 2008-09-11 05:35:15 Pre-Run: 10,071,863,296 byte ledig Post-Run: 10,071,539,712 byte ledig 195 --- E O F --- 2008-09-11 01:00:42 HiJAckThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:55:00, on 11.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\dlcfcoms.exe C:\Norman\NVC\BIN\Zanda.exe C:\Programfiler\Spyware Doctor\pctsAuxs.exe C:\Programfiler\Spyware Doctor\pctsSvc.exe C:\Programfiler\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\pctspk.exe C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\System32\hphmon03.exe C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Norman\NVC\BIN\ZLH.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Logitech\MouseWare\system\em_exec.exe C:\Programfiler\internet explorer\iexplore.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Java\jre1.5.0_12\bin\jucheck.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\e\Skrivebord\Tredje.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenposten.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_12\bin\jusched.exe" O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\NVC\BIN\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360 Premier Edition\osCheck.exe" O4 - HKLM\..\Run: [iSTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] 
C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://adsl.online.no O15 - Trusted Zone: stella.unimicro.no O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {326D11F0-549E-41B7-97FE-4406A8DCB431} (SMSProxy Object) - https://stella.unimicro.no/apps/van/7MVanClient.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lau-henriksen.spaces.live.com//Phot...ad/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download 
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lau-henriksen.spaces.live.com/Photo...ad/MsnPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://stella.unimicro.no/apps/ts/msrdp.cab O16 - DPF: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} (SSOAx Object) - https://stella.unimicro.no/apps/sso/7MSSOAx.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 
32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 10896 bytes

Am I rid of everything now, or what should I do next?

Edited 12 September 2008 by fjellrypa
r2d290 Posted 11 September 2008 (edited)

It looks like you have, or have had, two antivirus programs: Norton and Norman. Decide to keep one of them, and uninstall the other... Having two real-time protection programs at the same time can lead to unwanted conflicts, and each of the programs may start to work less well.

You can uninstall SpySweeper, Spyware Doctor and Spyware S&D from Add/Remove Programs. Malwarebytes Anti-Malware does a good enough job.

You should update Java

It is important to use the latest version of Java, since earlier versions may contain security holes that will increase the likelihood of you getting infected again. It looks like your version of Java is outdated.

Updating Java:
* Click the following link, and download the newest version of Java: http://java.com/en/download/index.jsp
* Go to Start > Control Panel > Add/Remove Programs.
* Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE etc.). All of these versions should have this image in front of them: Select all that you find, and click Remove.
* Then install the Java version that you downloaded at the start.

Tell me how the update went, since problems with updating can indicate more malware on your system.

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post.

Edited 11 September 2008 by r2d290
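The fix-then-rescan step in the reply above can be checked mechanically by comparing the two HijackThis logs. The Python below is an added example, not part of the original posts and not HijackThis's own code; the function names are hypothetical, and the sample lines are short excerpts copied from the two HijackThis logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the first HijackThis log in this thread (before "Fix checked").
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

# Excerpt of the second HijackThis log (after the fix, reboot and Java update).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""

# The two entries the helper asked to have ticked and fixed.
TARGETS = [
    "{7E853D72-626A-48EC-A868-BA8D5E23E045}",
    "{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}",
]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks entries whose target is absent with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O2" (BHO) or "O9" (extra button)
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID, if the entry carries one
    orphaned: bool        # True when the referenced file does not exist


def parse_log(text: str) -> List[Entry]:
    """Parse the R*/O* entry lines of a HijackThis log; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries pointing at a file that is missing on disk."""
    return [e for e in entries if e.orphaned]


def fix_verified(after: List[Entry], targets: List[str]) -> bool:
    """True when none of the targeted CLSIDs is still present after the fix."""
    present = {e.clsid for e in after if e.clsid}
    return not any(t.upper() in present for t in targets)


def new_orphans(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Orphaned entries that appear only in the later log."""
    seen = {(e.code, e.body) for e in before}
    return [e for e in orphaned(after) if (e.code, e.body) not in seen]


if __name__ == "__main__":
    b, a = parse_log(BEFORE), parse_log(AFTER)
    print("orphaned before:", [e.clsid for e in orphaned(b)])
    print("targets removed:", fix_verified(a, TARGETS))
    for e in new_orphans(b, a):
        print("new orphan:", e.code, "-", e.body)
```

On these excerpts both targeted entries are gone from the second log, and the comparison also surfaces an O9 entry that is newly marked as file missing.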
fjellrypa Posted 12 September 2008 (Author)

Thanks for the tips. I have now tried to follow your instructions, r2d290. I am having trouble getting Norman deleted. I go in via Control Panel and Add/Remove, but when I select Norman and click the button that says Change/Remove, absolutely nothing happens. I was able to remove the other programs without any problem.

I am also a bit unsure whether the new Java version was installed correctly. I did not get any error messages, at least.

Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:42, on 12.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programfiler\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Norman\NVC\BIN\ZLH.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat
7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\e\Skrivebord\Tredje.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenposten.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\NVC\BIN\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360 Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://adsl.online.no
O15 - Trusted Zone: stella.unimicro.no
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {326D11F0-549E-41B7-97FE-4406A8DCB431} (SMSProxy Object) - https://stella.unimicro.no/apps/van/7MVanClient.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lau-henriksen.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lau-henriksen.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://stella.unimicro.no/apps/ts/msrdp.cab
O16 - DPF: {BE802BB2-5BAF-4C9D-B85C-A7D8B530D2F3} (SSOAx Object) - https://stella.unimicro.no/apps/sso/7MSSOAx.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

-- End of file - 9545 bytes

r2d290 Posted 12 September 2008

Try this guide to uninstall Norman: http://www.norman.com/Support/Knowledge_ba...ion/11640/en-us
That is, item no. 2.

Java was updated, and the files I mentioned have now been cleaned up.

Do you notice any more problems with the machine?

fjellrypa (Author) Posted 12 September 2008

Norman is now gone as well! I don't notice any really specific problems, but I still think things run a bit slowly. That could well just be the wireless network; in any case it is much better than it was. Thank you so very much for the help!

r2d290 Posted 12 September 2008 (edited)

If the machine itself is running slowly, there are various things that can be done. If it is wireless web browsing that is slow, you can check whether it is faster when you connect by cable, or compare the network speed with other wireless PCs that are just as far from the router...

Let me know if you want more info on a bit of tidying up of the PC.

ComboFix must be uninstalled.

Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between X and /u
Press Enter.

This command will:
- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists
  - The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.

You can uninstall HijackThis:
Start HijackThis and choose None of the above, just start the program. Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Ja/Yes. The program is now uninstalled.

If you consider the problem with your machine solved, you can change your thread title by clicking in your first post and choosing full edit. At the top, where your thread title is, type [LØST] in front of the thread title. E.g.: [LØST] Got a virus on my machine

This will help keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-

Edited 12 September 2008 by r2d290