norbat, posted 19 September 2007

Run HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKCU\..\Run: [Eser] "C:\WINDOWS\CROSOF~1.NET\mmc.exe" -vt yazb

If you do not recognise the following line, remove it as well:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/

How is the PC running otherwise?
Marius2k, posted 20 September 2007

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:10, on 20.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\DAEMON Tools\daemon.exe
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
D:\AAWTray.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
D:\Program Files\Steam.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Ventrilo\Ventrilo.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
D:\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Virus Scan] protect.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] D:\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [blazeServoTool] "C:\Programfiler\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\aawservice.exe
O23 - Service: app_filter - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe

--
End of file - 7357 bytes

Waiting for SAS :)

This is what Ctrl+Alt+Del looks like at the moment: Ctrl+alt+del

Edited 20 September 2007 by Marius2k
norbat, posted 20 September 2007

Hi, marius2k. Also post a new HJT log after SAS has finished running.
Marius2k, posted 20 September 2007

norbat wrote: Hi, marius2k. Also post a new HJT log after SAS has finished running.

Hello. All right. Check out the Ctrl+Alt+Delete picture, then :)
norbat, posted 20 September 2007

What is supposed to be there? It looks like something is wrong with the page?
Marius2k, posted 20 September 2007

There you go :)

After SAS, by the way:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:56, on 20.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\DAEMON Tools\daemon.exe
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
D:\AAWTray.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
D:\Program Files\Steam.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
D:\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Virus Scan] protect.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] D:\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [blazeServoTool] "C:\Programfiler\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programfiler\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\aawservice.exe
O23 - Service: app_filter - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe

--
End of file - 7129 bytes

Edited 20 September 2007 by Marius2k
norbat, posted 20 September 2007

This line looks a bit off:

O4 - HKLM\..\Run: [Virus Scan] protect.exe

Do you know what it is? If not, you could try checking that file (if it exists). It will probably be in the windows\system\ or windows\system32\ folder.

What you do is go to the following website: http://virusscan.jotti.org/

At the top of the page you can upload files to be checked. Do that with the protect.exe file. As mentioned, it will probably be at windows\system\protect.exe or windows\system32\protect.exe

If you cannot find it, you may have to turn on 'Show hidden files and folders' (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

If you still cannot find it, you can try searching for it. If you still cannot find it, I would think you just remove it with HJT (run the program, choose "Do a system scan only", tick the box in front of the line and click Fix checked).

In addition, I would have run Combofix:

Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt).

Edited 20 September 2007 by norbat
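Added example, not part of the original thread: a small Python parser that compares two HijackThis logs, like the ones posted before and after the SAS scan above, and reports which entries and running processes changed and which Run entries are still present. The two sample logs are abbreviated from lines in the thread, and all function names are this example's own.

```python
import re
from collections import namedtuple

RunEntry = namedtuple("RunEntry", "hive key name command")

# Entry lines: section code ("R0", "O4", "O23", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostarts: HKLM\..\Run: [name] command (HKUS also carries a SID).
RUN_RE = re.compile(r"^(HK\w+(?:\\[^\\]+)?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

# Abbreviated sample logs, built from lines that appear in the thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:10, on 20.09.2005
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\SUPERAntiSpyware.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Virus Scan] protect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
-- End of file
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:56, on 20.09.2005
Running processes:
C:\WINDOWS\Explorer.EXE
D:\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Virus Scan] protect.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
-- End of file
"""


def parse_log(text):
    """Split a log into its running-process list and its (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first entry line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        # header and "-- End of file" lines fall through and are ignored
    return {"processes": processes, "entries": entries}


def run_entries(log):
    """Return the O4 registry Run entries as structured tuples."""
    out = []
    for code, body in log["entries"]:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            out.append(RunEntry(*m.groups()))
    return out


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two scans."""
    b, a = set(before["entries"]), set(after["entries"])
    # Windows paths are case-insensitive, so compare processes lower-cased.
    bp = {p.lower(): p for p in before["processes"]}
    ap = {p.lower(): p for p in after["processes"]}
    return {
        "entries_removed": sorted(b - a),
        "entries_added": sorted(a - b),
        "processes_gone": sorted(bp[k] for k in bp.keys() - ap.keys()),
        "processes_new": sorted(ap[k] for k in ap.keys() - bp.keys()),
    }


def still_present(before, after):
    """Run entries that survived the cleanup and still need a manual verdict."""
    kept = set(run_entries(before))
    return [e for e in run_entries(after) if e in kept]


if __name__ == "__main__":
    old, new = parse_log(BEFORE), parse_log(AFTER)
    for label, items in diff_logs(old, new).items():
        print(label, items)
    for e in still_present(old, new):
        print("still autostarting:", e.hive, e.name, "->", e.command)
```

A process that is gone or new between scans only reflects what was running at that moment; the entry lines are what describe the persistent configuration.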
toffaen, posted 21 September 2007

Hi

I installed a "Vista clock" on XP Home and found that it made strange noises and could not be deleted. System Restore did not work, and it was not possible to remove it from startup in "msconfig". I was helped by knowledgeable people here on the forum and tried a lot of odd things, but nothing worked until I was told to create a new user account in safe mode and delete the old one after I had logged in to the new one. After that I never saw the clock again and the PC was back to normal!

I am attaching a log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:10, on 22.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Dell AIO Printer A960\dlbfbmgr.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Programfiler\Dell AIO Printer A960\dlbfbmon.exe
C:\Programfiler\Dell Support\DSAgnt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Apoint\HidFind.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Programfiler\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Programfiler\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9596 bytes

Regards,
Kristoffer G.

Edited 21 September 2007 by toffaen
norbat, posted 22 September 2007

Your log looks fine.

Is this program still on the PC? (use the search function in Windows) If so, delete these.

You could also run a check with Combofix:

Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt).
toffaen Skrevet 22. september 2007 Del Skrevet 22. september 2007 (endret) Loggen din ser fin ut Ligger dette programmet på PC-en ennå? (bruk søkfunksjonen i windows) Hvis, så sletter du disse. Du kunne også kjørt en sjekk med Combofix: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (vanligvis c:\combofix.txt) 9547726[/snapback] det gikk fint an å fjerne det fra pc`en nå Kjørte også ComboFix. Legger med loggen: Klikk for å se/fjerne innholdet nedenfor ComboFix 07-09-21.2 - "kristoffer" 2007-09-22 16:38:49.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1559 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 ))))))))))))))))))))))))))))))) . 2007-09-22 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-22 03:14 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\Contacts 2007-09-22 02:29 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\PROGRA~1\Apple Computer 2007-09-22 02:19 <DIR> dr------- C:\DOCUME~1\KRISTO~1.KRI\Mine dokumenter 2007-09-22 02:19 <DIR> dr------- C:\DOCUME~1\KRISTO~1.KRI\Favoritter 2007-09-22 02:19 <DIR> d--h----- C:\DOCUME~1\KRISTO~1.KRI\Maler 2007-09-22 02:19 <DIR> d--h----- C:\DOCUME~1\KRISTO~1.KRI\Lokale innstillinger 2007-09-22 02:19 <DIR> d--h----- C:\DOCUME~1\KRISTO~1.KRI\AndrMask 2007-09-22 02:19 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\PROGRA~1\Logitech 2007-09-22 02:19 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\PROGRA~1\Intel 2007-09-22 02:19 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\PROGRA~1\Gtek 2007-09-22 02:18 <DIR> dr-h----- C:\DOCUME~1\KRISTO~1.KRI\Siste 2007-09-22 02:18 <DIR> dr-h----- C:\DOCUME~1\KRISTO~1.KRI\Programdata 2007-09-22 02:18 <DIR> dr------- C:\DOCUME~1\KRISTO~1.KRI\Start-meny 2007-09-22 02:18 <DIR> d--h----- C:\DOCUME~1\KRISTO~1.KRI\Skrivere 2007-09-22 02:18 <DIR> d-------- C:\DOCUME~1\KRISTO~1.KRI\Skrivebord 2007-09-22 00:50 <DIR> 
d-------- C:\Programfiler\Trend Micro
2007-09-19 18:37 <DIR> d-------- C:\Programfiler\Broadcom
2007-09-16 22:20 <DIR> d-------- C:\Programfiler\Rockstar Games
2007-09-10 22:55 <DIR> d-------- C:\Programfiler\Schneider Electric
2007-09-10 00:10 95,511 -ra------ C:\WINDOWS\system32\Vxdif.dll
2007-09-10 00:10 113,847 -ra------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2007-09-10 00:10 <DIR> d-------- C:\Programfiler\Apoint
2007-09-09 13:11 197,120 --a------ C:\WINDOWS\system32\Freakin Screensaver.scr
2007-09-09 13:11 <DIR> d-------- C:\WINDOWS\system32\Freakin Screensaver dir
2007-08-30 19:55 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-30 18:55 <DIR> d-------- C:\Downloads
2007-08-30 17:07 <DIR> d-------- C:\Programfiler\BitComet
2007-08-29 23:34 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-08-29 23:32 <DIR> d-------- C:\Programfiler\Logitech
2007-08-29 23:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech
2007-08-29 16:47 <DIR> d-------- C:\Programfiler\Dell AIO Printer A960
2007-08-29 16:47 <DIR> d-------- C:\Programfiler\Dell A960
2007-08-29 16:47 <DIR> d-------- C:\DOCUME~1\KRISTO~1\WINDOWS
2007-08-29 12:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-29 12:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-24 14:29 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-24 14:29 <DIR> d-------- C:\Programfiler\Dell
2007-08-22 20:51 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-08-22 20:51 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-08-22 20:51 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-08-22 20:51 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-08-22 20:51 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-08-22 20:51 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-08-22 20:51 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-08-22 20:51 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 00:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Microsoft Help
2007-09-19 18:38 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-15 17:59 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-09 10:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Skype
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-11 15:25 --------- d-------- C:\Programfiler\TryMedia
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Dell AIO Printer A960"="C:\Programfiler\Dell AIO Printer A960\dlbfbmgr.exe" [2003-11-19 08:47]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2005-10-07 14:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"DellSupport"="C:\Programfiler\Dell Support\DSAgnt.exe" [2005-05-15 02:04]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
BTTray.lnk - C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe [2005-08-24 14:06:54]
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-30 19:56:03]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-29 23:32:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock]
C:\Programfiler\Analogue Vista Clock\Analogue Vista Clock.exe

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 18:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 16:42:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]
.
Completion time: 2007-09-22 16:43:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 16:43
.
--- E O F ---
I understand very little of what is in logs like these, so perhaps you can tell me what it says?
Edited 22 September 2007 by toffaen
norbat, posted 22 September 2007
Feel free to run a round of Combofix and post the log it produces.
toffaen, posted 22 September 2007
Quote: Feel free to run a round of Combofix and post the log it produces.
Yes, I put the log in my previous post. Tell me what is going on...
norbat, posted 22 September 2007
What you do is the following:
1. Copy the text in bold below and paste it into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock]

2. Save the file as clock.reg and put it on the desktop.
3. Double-click the clock.reg file and say yes to adding the information.
Restart the PC.
toffaen, posted 22 September 2007
Quote: What you do is the following: 1. Copy the text in bold below and paste it into Notepad: Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock] 2. Save the file as clock.reg and put it on the desktop. 3. Double-click the clock.reg file and say yes to adding the information. Restart the PC.
I have done that now. What did I actually just do?
norbat, posted 22 September 2007
You deleted a registry entry associated with the Vista Clock you installed earlier.
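What the `[-KEY]` line in clock.reg does, shown as an added example that is not part of the original thread: a small Python reader that lists the operations a .reg file would perform, so the file can be reviewed before it is double-clicked. The `Example\Key` section and the function names are constructed for illustration.

```python
import re

# Constructed sample: the clock.reg content from the thread, followed by a
# hypothetical Example\Key section showing the two value-level forms.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock]
[HKEY_CURRENT_USER\Software\Example\Key]
"OldValue"=-
"NewValue"="C:\\Example\\app.exe"
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def summarize_reg(text):
    """Return (action, key, value_name) tuples describing what a .reg import does."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg version header")
    ops, key, continued = [], None, False
    for raw in lines[1:]:
        line = raw.strip()
        if continued:                      # tail of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):      # [-KEY] removes the key and its subkeys
                ops.append(("DELETE_KEY", inner[1:], None))
                key = None
            else:
                key = inner
                ops.append(("OPEN_KEY", key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "DELETE_VALUE" if m.group(2) == "-" else "SET_VALUE"
            ops.append((action, key, name))
            continued = line.endswith("\\")
        else:
            ops.append(("UNPARSED", key, line))  # surface anything unexpected
    return ops

def deletions(ops):
    return [op for op in ops if op[0].startswith("DELETE")]
```

For the thread's clock.reg, the only operation reported is a `DELETE_KEY` on the `startupreg\Analogue Vista Clock` key, which matches the leftover entry shown in the ComboFix log.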
toffaen, posted 22 September 2007
Quote: You deleted a registry entry associated with the Vista Clock you installed earlier.
OK. So now everything is completely OK then, I assume. Thanks for the help!
norbat, posted 22 September 2007
Your logs show no signs of any infections. It is still a good idea to run a scan with your antivirus / antispyware program.