pinngu Skrevet 3. april 2008 Del Skrevet 3. april 2008 Noen som kan sjekke om det er noe som ser galt ut her? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:13:52, on 03.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe C:\Programfiler\Xfire\xfire.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox 3 Beta 4\firefox.exe C:\Documents and Settings\Pingu\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Clean MemXP] C:\Programfiler\Clean MemXP\CleanMemXP9.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Last ned alle med FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: Last ned med FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/no/no O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: OneStep Search Service - Unknown owner - C:\Programfiler\OneStepSearch\onestep.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 8616 bytes Lenke til kommentar
r2d290 Skrevet 3. april 2008 Del Skrevet 3. april 2008 Går ut ifra et det er samme maskin som den du spør etter i en av postene du har laget nå nylig. Synes derfor vi bør fortsette der... Som uberninja skriver i posten din: gå gjennom langversonen til den første posten i denne tråden, og post loggene i din egen tråd Lenke til kommentar
pinngu Skrevet 4. april 2008 Del Skrevet 4. april 2008 Neida, dette er ikke samme maskin - dette er min private. Lenke til kommentar
r2d290 Skrevet 4. april 2008 Del Skrevet 4. april 2008 Skru av maskinen, skru den på igjen, og trykk mange ganger på f8 så du får opp en meny. Her skal du velge å gå inn i sirrehetsmodus. I sikkerhetsmodus: start hijackthis, sett hake foran følgende linje, og trykk fix checked: O23 - Service: OneStep Search Service - Unknown owner - C:\Programfiler\OneStepSearch\onestep.exe (file missing) restart tilbake til vanlig modus. Er det noe problem med maskinen, eller var det bare en sjekK? Lenke til kommentar
pinngu Skrevet 4. april 2008 Del Skrevet 4. april 2008 Det var i grunn bare en sjekk, har ikke hatt noen spesielle problemer bortsett fra at den er utrolig treg til tider. Lenke til kommentar
r2d290 Skrevet 4. april 2008 Del Skrevet 4. april 2008 Det er en del ting du kan gjøre for å gjøre maskinen din raskere... Last ned kjør CCleaner Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t" Kjør register-renser og"svar ja til og reparere" Defragmering kan være greit og gjøre. Følgende programmer gjør en mye bedre og raskere jobb enn den defragmenteringen som gjøres med windows. Auslogics Disk Defrag + Free Registry Defrag Prøv å bruke maskinen litt, og si om det ble noen forbedringer. Gi tilbakemelding! Ble den plutselig treg, eller gradvis? hvis den ble plutselig treg, kan du gjøre det som står i spoiler: Last ned og kjør Combofix. Følg veiledningen. Ikke trykk i vinduet mens den kjører (kan føre til at maskinen låser seg). Dette vil lage en logg som lagres i c:/combofix Denne loggen poster du. (En combofix kan gi mer info om hva som er problemet...) Lenke til kommentar
Haraldfo Skrevet 12. april 2008 Del Skrevet 12. april 2008 Hei. Har den siste tiden slitt litt med pcèn min, som ikke bare er unormalt treg men også låser til tider - spesielt ved explorer-bruk. I tillegg har jeg vært så lur å åpne en sånn msn-link-virus sak, noe som igjen har ført til at jeg har sendt ut slike virus-linker til andre igjen. Har kjørt en slik ComboFix-test, og her er loggen: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-04-11.8 - My lord 2008-04-12 16:58:19.2 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1392 [GMT 3:00] Running from: C:\Documents and Settings\My lord\Skrivebord\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))) . 2008-04-12 16:43 . 2008-04-12 16:43 <DIR> d-------- C:\WINDOWS\LastGood 2008-04-12 16:40 . 2008-04-12 16:42 <DIR> d-------- C:\Programfiler\Windows Live 2008-04-12 16:40 . 2008-04-12 16:42 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-04-12 16:39 . 2008-04-12 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-04-10 22:02 . 2008-04-10 22:02 <DIR> dr-h----- C:\Documents and Settings\NetworkService\Siste 2008-04-10 17:57 . 2008-04-10 17:57 <DIR> d-------- C:\Programfiler\LimeWire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-12 13:36 --------- d-----w C:\Programfiler\MSN Messenger 2008-04-12 13:27 --------- d-----w C:\Programfiler\Norman 2008-04-11 16:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-11 16:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-10 18:49 --------- d-----w C:\Documents and Settings\My lord\Programdata\BearShare 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-08 14:11 --------- d-----w C:\Documents and Settings\My lord\Programdata\SopCast 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}] C:\WINDOWS\system32\nvms.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}] C:\WINDOWS\system32\msbe.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 13:55 68856] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 15:47 7311360] "nwiz"="nwiz.exe" [2005-11-11 15:47 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 15:47 86016] "CTHelper"="CTHELPER.EXE" [2005-06-18 09:01 16384 C:\WINDOWS\CTHELPER.EXE] "DPAgnt"="C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 19:24 913408] "type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 11:51 172032] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 11:50 204800] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 22:00 110592 C:\WINDOWS\system32\bthprops.cpl] "REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-15 01:22 35328] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 15:37 273520] "NPCTray"="C:\Programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 15:29 126008] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\Belkin\Bluetooth Software\BTTray.exe [2003-09-16 19:14:28 499779] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-03-04 18:20:22 294912] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ] C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 19:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Programfiler\\PPLive\\PPLive.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\PPMate\\PPMate\\ppmate.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= "C:\\Programfiler\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 12:23] R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 09:37] R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\TDI_RD.SYS [2007-05-14 11:51] R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 11:21] R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 16:13] R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 16:04] R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 17:58] R3 NPC;Norman Parental Control;"C:\Programfiler\Norman\npc\bin\npcsvc32.exe" [2007-09-17 15:23] R3 NUAA;Norman User Activity Agent;"C:\Programfiler\Norman\npc\bin\nuaa.exe" [2007-09-17 15:22] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 15:36] R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41] R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-04 17:59] *Newly Created Service* - USNJSVC *Newly Created Service* - WLSETUPSVC . Contents of the 'Scheduled Tasks' folder "2008-04-12 13:39:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-12 17:00:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Programfiler\DigitalPersona\Bin\DpOFeedb.dll . Completion time: 2008-04-12 17:00:38 ComboFix-quarantined-files.txt 2008-04-12 14:00:33 Pre-Run: 209,983,905,792 byte ledig Post-Run: 209,970,839,552 byte ledig . 2008-04-08 20:55:52 --- E O F --- Kan dere eksperter hjelpe meg å tolke denne rapporten? Da hadde jeg blitt veldig takknemlig... Lenke til kommentar
r2d290 Skrevet 12. april 2008 Del Skrevet 12. april 2008 får du til en scan med hijackthis også? kjør kortversonen av følgende guide: https://www.diskusjon.no/index.php?showtopic=691246 Lenke til kommentar
Haraldfo Skrevet 12. april 2008 Del Skrevet 12. april 2008 Kan jeg selvfølgelig gjøre, og her er loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:34:56, on 12.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Norman\npf\bin\npfsvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe C:\Programfiler\DigitalPersona\Bin\DpHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\npc\bin\npcsvc32.exe C:\Programfiler\Norman\npc\bin\nuaa.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\CTHELPER.EXE C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\Belkin\Bluetooth Software\BTTray.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Norman\npf\bin\npfuser.exe C:\Programfiler\Windows Live\installer\WLSetupSvc.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\DfrgNtfs.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\My lord\Skrivebord\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.111.12 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher 2.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Skype\Plugin Manager\Skype4COM.dll O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11648 bytes Nå er jeg spent... Lenke til kommentar
norbat Skrevet 12. april 2008 Forfatter Del Skrevet 12. april 2008 Var ikke så mye å sette fingeren på i den loggen. Start hjt, velg "Do a system scan only", sett merke framfor linjene og klikk Fix checked): O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing) O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) Du kan også kjøre en full scan med et antispywareprog. Anbefaler gratisversjonen til SAS. Før du kjører SAS, kan du rense ut temp-filer. Du kan bruke CCleaner. (Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.) Lenke til kommentar
Haraldfo Skrevet 12. april 2008 Del Skrevet 12. april 2008 (endret) Var ikke så mye å sette fingeren på i den loggen. Start hjt, velg "Do a system scan only", sett merke framfor linjene og klikk Fix checked): O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing) O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE (file missing) Du kan også kjøre en full scan med et antispywareprog. Anbefaler gratisversjonen til SAS. Før du kjører SAS, kan du rense ut temp-filer. Du kan bruke CCleaner. (Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.) Okey, da var dette gjort. Har også kjørt en runde med CCleaner og defragmentering, samt en scan med Norman (Ikke SAS). Satser på at dette gjør susen. Pcèn har i alle fall ikke låst seg de siste 2 timene... :!: Tusen takk for hjelpen, denne tråden var virkelig til hjelp for folk som ikke kan alt om datamaskiner... Endret 12. april 2008 av Haraldfo Lenke til kommentar
norbat Skrevet 12. april 2008 Forfatter Del Skrevet 12. april 2008 Bare hyggelig. Du får bare rope ut om problemet fortsetter. Lenke til kommentar
KolonP Skrevet 13. april 2008 Del Skrevet 13. april 2008 Hei, jeg synes pc-en har begynt å gå litt treigt i det siste, så tenkte kanskje det har noe med spyware å gjøre ... Kan noen se gjennom loggen? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:29:35, on 13.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkCSrv.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATK0100\HControl.exe C:\Programfiler\Wireless Console 2\wcourier.exe C:\Programfiler\ASUS\ASUS Live Update\ALU.exe C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Atheros\ACU.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\WgaTray.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\RECYCLER\rundll32.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe C:\Programfiler\Trend Micro\TrendSecure\TSCFCommander.exe C:\Programfiler\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Programfiler\aMSN\bin\wish.exe C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe C:\Documents and Settings\dhbbhiu\Skrivebord\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Programfiler\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Microsoft Help] C:\RECYCLER\rundll32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: CCC.lnk = ? O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205095031109 O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Atheros konfigurasjonstjeneste (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) -- End of file - 9523 bytes C:\RECYCLER\rundll32.exe Lenke til kommentar
norbat Skrevet 13. april 2008 Forfatter Del Skrevet 13. april 2008 (endret) KolonP Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) (Gjerne i en egen tråd du oppretter ved å klikke på Nytt Emne-knappen) Edit: -> https://www.diskusjon.no/index.php?showtopic=938798 Endret 13. april 2008 av norbat Lenke til kommentar
Troger Skrevet 16. april 2008 Del Skrevet 16. april 2008 Har lagt det som et eget emne https://www.diskusjon.no/index.php?showtopi...0#entry10968274 Lenke til kommentar
NaughtyLittleDoggie Skrevet 16. april 2008 Del Skrevet 16. april 2008 Jeg vet helt sikkert at jeg har fått virus eller noe på dataen... Uansett... håper dere kan hjelpe meg... Her er loggen! takk på forhånd! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:59:28, on 16.04.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Norman\Npm\bin\NJEEVES.EXE C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [idleCash] "C:\ProgramData\ReadmeBinBin.je9hftw" O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "C:\ProgramData\Tool Noun Base.sywmm" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 7779 bytes Lenke til kommentar
r2d290 Skrevet 16. april 2008 Del Skrevet 16. april 2008 NaughtyLitleDog: kjør gjennom fullversonen av guiden i førsteposten i denne tråden. Loggene det blir spurt etter, legger du i en ny tråd, ved å klikke "NYTT EMNE" Lenke til kommentar
Haraldfo Skrevet 17. april 2008 Del Skrevet 17. april 2008 Hmm... fikk beskjed fra en kompis på MSN at han hadde mottatt enda en spam-link fra meg i dag. Trodde jeg var kvitt de greiene der, men tydeligvis ikke. Er det noe mer jeg kan gjøre for å bli kvitt denne irriterende svulsten når de testene jeg kjørte over her ikke gav noen svar? Lenke til kommentar
r2d290 Skrevet 17. april 2008 Del Skrevet 17. april 2008 (endret) Haraldfo: La oss gå hardere til verks Denne gangen følger du LANGVERSONEN av https://www.diskusjon.no/index.php?showtopic=691246 postene det blir spurt etter, poster du i en EGEN tråd (ikke denne) Endret 17. april 2008 av r2d290 Lenke til kommentar
Xarus Skrevet 27. april 2008 Del Skrevet 27. april 2008 Har fått noe spyware dritt igjenn :S Her er Loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46:52, on 27.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PRISMSVC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\NetProject\scit.exe C:\Programfiler\NetProject\sbmntr.exe C:\Programfiler\NetProject\scm.exe C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Programfiler\NetProject\sbsm.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe C:\Programfiler\PowerISO\PWRISOVM.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\programfiler\valve\steam\steam.exe C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Skyr@cer Pro Utility\WLANPRO.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\Programfiler\Dell Wireless\PRISMCFG.exe C:\Programfiler\Xfire\Xfire.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb106\Dealio.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Programfiler\NetProject\sbmdl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - C:\WINDOWS\system32\717305\717305.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb106\Dealio.dll O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Programfiler\NetProject\wamdl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [iSUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [VoipBuster] "C:\Programfiler\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ? O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb106\res\DealioSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb106\Dealio.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINDOWS\system32\zfaiqwr.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE -- End of file - 10258 bytes Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå