Lauk Skrevet 5. mai 2007 Del Skrevet 5. mai 2007 Loggen ser grei ut den, Charamelo. Du kan imidlertid fjerne følgende linjer fra HJT-loggen: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - Startup: PowerReg Scheduler V3.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Var det bare en sjekk eller har du mistanke om noe? 8542776[/snapback] Nei, det var bare en sjekk, men det er greit å få gjort det. Takk for hjelpen Lenke til kommentar
Holten Skrevet 6. mai 2007 Del Skrevet 6. mai 2007 (endret) Kan noen sjekke HijackThis loggen min? Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1 Scan saved at 00:39:57, on 07.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Rundll32.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\UltraMon\UltraMon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\UltraMon\UltraMonTaskbar.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\SpeedFan\speedfan.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Winamp\winamp.exe C:\Programfiler\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\DOCUME~1\JIMERL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\JIMERL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Jim Erlend\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Programfiler\KSE\nHancer 32bit\nHancerService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe Ser dere noe dritt? Endret 10. mai 2007 av Heilage Lenke til kommentar
norbat Skrevet 7. mai 2007 Del Skrevet 7. mai 2007 Hei, Holten Loggen ser grei ut. Hvis du har installert 2 antivirusprogram (tyder på at du både har Avast og AVG), avinstallerer du det ene. Lenke til kommentar
Holten Skrevet 7. mai 2007 Del Skrevet 7. mai 2007 (endret) ok! Men, Apache? Er ikke det noe virus greier? Så sånn ut på tasklist.org Skal jeg avinstallere AVG eller Avast? EDIT: Merka med svart (apache) Endret 7. mai 2007 av Holten Lenke til kommentar
Gjest medlem-105082 Skrevet 7. mai 2007 Del Skrevet 7. mai 2007 (endret) Det bestemmer du helt selv. Behold det du liker best, de beskytter like godt begge to Endret 7. mai 2007 av medlem-105082 Lenke til kommentar
norbat Skrevet 7. mai 2007 Del Skrevet 7. mai 2007 (endret) Apache: Dette er knyttet til NVIDIA brannmuren og er IKKE et virus. Kjører som "Forceware Web Interface"-tjeneste (et brukergrensesnitt for å konfigurere brannmuren på hovedkortet ditt). Om dette er noe du ikke bruker kan den sikkert deaktiveres. Endret 7. mai 2007 av norbat Lenke til kommentar
mona14 Skrevet 9. mai 2007 Del Skrevet 9. mai 2007 (endret) Hijackthis; Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 19:35:50, on 09.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programfiler\Norton GoBack\GBPoll.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Toshiba\Windows Utilities\Hotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Norton GoBack\GBTray.exe C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Java\jre1.5.0_07\bin\jucheck.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\monapona\Skrivebord\Hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamarungdom.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\msntb.dll O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programfiler\Toshiba\Windows Utilities\Hotkey.exe" /lang NO O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [DDWMon] C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton GoBack\GBTray.exe O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\nb-no\msntabres.dll.mui/229?54bfac8f2c764fcd9f35fdface417280 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\nb-no\msntabres.dll.mui/230?54bfac8f2c764fcd9f35fdface417280 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton GoBack\GBPoll.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe SAS; Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 05/09/2007 at 08:22 PM Application Version : 3.7.1018 Core Rules Database Version : 3234 Trace Rules Database Version: 1245 Scan type : Complete Scan Total Scan Time : 00:44:36 Memory items scanned : 627 Memory threats detected : 2 Registry items scanned : 5132 Registry threats detected : 11 File items scanned : 30678 File threats detected : 19 Trojan.WinFixer C:\WINDOWS\SYSTEM32\PMNLK.DLL C:\WINDOWS\SYSTEM32\PMNLK.DLL HKLM\Software\Classes\CLSID\{C4C151F9-87CA-4793-A79E-5EBF0A97BA5F} HKCR\CLSID\{C4C151F9-87CA-4793-A79E-5EBF0A97BA5F} HKCR\CLSID\{C4C151F9-87CA-4793-A79E-5EBF0A97BA5F}\InprocServer32 HKCR\CLSID\{C4C151F9-87CA-4793-A79E-5EBF0A97BA5F}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4C151F9-87CA-4793-A79E-5EBF0A97BA5F} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnlk C:\WINDOWS\SYSTEM32\SSTQP.DLL Trojan.Downloader-CREW C:\WINDOWS\SYSTEM32\UNPKXKCN.DLL C:\WINDOWS\SYSTEM32\UNPKXKCN.DLL HKLM\Software\Classes\CLSID\{3368524F-5A9C-4B8C-8969-899F180A00F6} HKCR\CLSID\{3368524F-5A9C-4B8C-8969-899F180A00F6} HKCR\CLSID\{3368524F-5A9C-4B8C-8969-899F180A00F6}\InprocServer32 HKCR\CLSID\{3368524F-5A9C-4B8C-8969-899F180A00F6}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3368524F-5A9C-4B8C-8969-899F180A00F6} C:\SYSTEM VOLUME INFORMATION\_RESTORE{DBEF19D7-FF5C-4F28-9D15-3C588B8C1048}\RP8\A0003383.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{DBEF19D7-FF5C-4F28-9D15-3C588B8C1048}\RP8\A0003384.DLL Adware.Tracking Cookie C:\Documents and Settings\monapona\Cookies\monapona@cpvfeed[2].txt C:\Documents and Settings\monapona\Cookies\monapona@drivecleaner[2].txt C:\Documents and Settings\monapona\Cookies\[email protected][1].txt C:\Documents and Settings\monapona\Cookies\monapona@mediaplex[1].txt C:\Documents and Settings\monapona\Cookies\monapona@cgi-bin[1].txt C:\Documents and Settings\monapona\Cookies\[email protected][2].txt C:\Documents and Settings\monapona\Cookies\monapona@atdmt[2].txt C:\Documents and Settings\monapona\Cookies\[email protected][1].txt C:\Documents and Settings\monapona\Cookies\monapona@doubleclick[1].txt C:\Documents and Settings\monapona\Cookies\monapona@advertising[1].txt C:\Documents and Settings\monapona\Cookies\[email protected][2].txt C:\Documents and Settings\monapona\Cookies\monapona@tradedoubler[1].txt C:\Documents and Settings\monapona\Cookies\[email protected][1].txt C:\Documents and Settings\monapona\Cookies\[email protected][1].txt Endret 9. mai 2007 av mona14 Lenke til kommentar
norbat Skrevet 9. mai 2007 Del Skrevet 9. mai 2007 Hei, mona14 HJT-loggen ser grei ut. SAS fikk fjernet noe (evt. alt). Er det noe du opplever som problem? Lenke til kommentar
mona14 Skrevet 9. mai 2007 Del Skrevet 9. mai 2007 Hei, mona14 HJT-loggen ser grei ut. SAS fikk fjernet noe (evt. alt). Er det noe du opplever som problem? 8576990[/snapback] Hender seg det kommer opp pop up.. Lenke til kommentar
norbat Skrevet 9. mai 2007 Del Skrevet 9. mai 2007 Hender? En sjelden gang eller regelmessig hver dag. Hvilke type popups er det (reklame for noen spesifikke programmer e.l). Få høre.... Lenke til kommentar
Gjest Slettet+129837 Skrevet 9. mai 2007 Del Skrevet 9. mai 2007 Dette er min hiijackthis log Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 01:24:33, on 10.05.2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\Powerkey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1BX06HJ\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skolen.local:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WWW File Share Pro - LionMax Software - C:\Program Files\WWW File Share Pro\NTService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe Lenke til kommentar
Gunn@r Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Når jeg starter Windows XP og har logget meg inn, så får jeg opp denne feilmeldingen: Jeg har søkt meg litt fram og kommet fram til at det er spyware!? Men åssen blir jeg kvitt det? Vil det funke å bare kjøre en virusscanning på harddisken? Har ikke PCen her akkurat nå, men vil ha muligheten om ett par dager å prøve en virusscanning. Ville bare høre om det var noen andre råd fra dere her inne, viss virusscanninga ikke skulle ta knekken på spywaren, om det da ER spyware... Lenke til kommentar
norbat Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Hei, nilsrune Jeg tror det positive er at feilmeldinga kommer fordi den skadelige fila ikke finnes, men at det ligger en referanse til den som da gir denne meldingen. Kjør gjennom langversjonen i 1.post og post de loggene som det henvises til. Fint om du oppretter en egen post (Nytt Emne) der du legger loggene. Lenke til kommentar
Heilage Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Da har jeg redigert en god del poster. Folkens, legg HJT-logger i skjul-tagger. Det sørger for god poststruktur. Dette burde legges inn i første post. Lenke til kommentar
mona14 Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Hender? En sjelden gang eller regelmessig hver dag. Hvilke type popups er det (reklame for noen spesifikke programmer e.l). Få høre.... 8577458[/snapback] Ja, det kommer hver dag.. Ikke så ofte som før, men engang i blandt. Veit ikke helt vor langt tid det er i mellom hver men.. Noen ganger kommer det opp fra poker.com og noen ganger kommer det opp sider hvor nettsiden er masse tall, men det står bare at siden ikke kan vises. Noen ganger kommer det også opp en side med masse tall på verktøylinjen men det blir borte igjen etter noen sekunder. Det kommer også opp noe annet, men jeg usker ikke helt hva sidene er.. Lenke til kommentar
norbat Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Mona14: Hent CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Kjør også noen runder med 'Saker' til det ikke finner flere feil. Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Det lager en logg som du poster i en ny post som du oppretter ved å klikke "Nytt Emne". Lenke til kommentar
mona14 Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 Mona14:Hent CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Kjør også noen runder med 'Saker' til det ikke finner flere feil. Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Det lager en logg som du poster i en ny post som du oppretter ved å klikke "Nytt Emne". 8584738[/snapback] Okej. Her er noen av vinduene som kommer opp; - http://www.usafis.org/?af=AFF_9175 - http://www.amaena.com/securityworm5/?lang=...b48fff834af167c På den CCleaner, hvor skal jeg trykke? Lenke til kommentar
norbat Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 CCleaner: Oppe til venstre står det 'Renser'. Når den er valgt, klikker du 'Kjør CCleaner'-knappen som du finner nede til høyre. Når rensingen er ferdig, klikker du på 'Saker'-knappen på venstre side. Klikk deretter på 'Søk etter feil'-knappen under det store hvite feltet til høyre. Når 'søket' er ferdig, klikker du på 'Reparer merkede feil..."-knappen Ved spørsmål om å lage en sikkerhetskopi, kan du svare nei Velg deretter 'Reparer alle merkede feil' og deretter OK Dette kan du gjøre noen ganger, helt til det ikke finner flere feil. Lenke til kommentar
mona14 Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 okej. men jeg tenkte på hvor og hva jeg skulle trykke når jeg skulle laste ned Lenke til kommentar
norbat Skrevet 10. mai 2007 Del Skrevet 10. mai 2007 På siden du kommer til, klikker du på teksten "Download lates version" som du finner oppe på høyre side i vinduet. Etter få strakser vil nedlastingsvinduet komme fram. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå