gq183 Posted 24 April 2006

I have now tried most things! I have googled, and done most of what it says there. Nothing helps! Can anyone here help? Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:14:16, on 24.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jucheck.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\Programfiler\AhnLab\Smart Update Utility\AhnSD.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\AhnLab\V3\V3P3AT.exe
C:\Programfiler\AhnLab\V3\V3IMPro.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\Internet Security\tmproxy.exe
C:\Programfiler\Trend Micro\Internet Security\PccPfw.exe
C:\Programfiler\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programfiler\Trend Micro\Internet Security\PCClient.EXE
C:\Programfiler\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Programfiler\Trend Micro\Internet Security\TMOAgent.exe
C:\Programfiler\NoAds\NoAds.exe
C:\Programfiler\Ares\Ares.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\explorer.exe
C:\Documents and Settings\Felles\Skrivebord\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {441EEFAE-249B-4BFD-BDD7-76B2321C5A56} - C:\WINDOWS\system32\MSIMTF32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - "C:\Programfiler\AhnLab\V3\V3Bar.dll" (file missing)
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programfiler\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programfiler\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bgnAc] C:\WINDOWS\vthnmip.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [installed] 429
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ipNetwork] C:\Programfiler\Network\ipnetwork.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Programfiler\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [WinService] c:\windows\system32\explorer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoAds] "C:\Programfiler\NoAds\NoAds.exe"
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...eInstall_no.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Programfiler\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\Bin\Zanda.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Programfiler\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Programfiler\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Programfiler\Trend Micro\Internet Security\tmproxy.exe

WHAT SHOULD I DO??
zjulik Posted 24 April 2006

There is so much here that it is best you start with the auto-diagnosis. Paste the log in here: http://www.hijackthis.de/
Take your time and do not remove anything you are unsure about. Then post a new log.
berxter Posted 24 April 2006 (edited)

You have AV products from AhnLab and Trend. Uninstall/stop one of them; it rarely pays to have two or more running at the same time (you can keep them installed, but you should turn off autostart on one of them). In addition you still have remnants of Norton and Norman, and that does not help matters either.

Did you choose "sponsored" when you installed MessengerPlus? It looks that way. If so, you should get rid of it.

Did you set up O4 - HKCU\..\Run: [WinService] c:\windows\system32\explorer.exe? If not, fix it with HJT.

Do you recognise O4 - HKLM\..\Run: [bgnAc] C:\WINDOWS\vthnmip.exe? If not, fix it.

This is a crack, isn't it: C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe?

Do you recognise this one: O2 - BHO: (no name) - {441EEFAE-249B-4BFD-BDD7-76B2321C5A56} - C:\WINDOWS\system32\MSIMTF32.dll? If not, get HJT to fix it.

This one is considered crap: O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...eInstall_no.cab

Quote about MS Winks: "I have had viruses do less damage than this vile piece of software, it puts an undeletable file in your windows directory called msnappm.exe, which comes up with registration reminders every 5 mins that interferes with other running applications EVEN when it's been uninstalled. To get rid of this you have to run command prompt, then open task manager and end process "explorer.exe" then use command prompt to delete the file (DEL c:\Windows\msnappm.exe) then restart explorer to get your task bar back (Goto task manager, click applications tab, then right click and goto new process and type Explorer in the box)"

Run this routine: http://www.wilderssecurity.com/showthread.php?t=50662
Go through all twenty-odd points, and use CCleaner (google it) instead of point 13.

You have run a Panda ActiveScan: after running the Wilders routine, take a new Panda scan and post the log from it here together with a fresh HJT log.

EDIT: Well, Zjulik beat me to it.

Bernt K

Edited 24 April 2006 by berxter
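Added example, not part of the original thread and not written by any of the posters: a small Python triage pass over HijackThis lines that raises the kinds of entries questioned in the reply above (an unnamed BHO, orphaned "file missing" entries, autostarts from the Windows root, and a system binary name such as explorer.exe outside its usual directory). The expected-directory table and the heuristics are assumptions; a hit means "review this entry", not "malicious".

```python
import re
from ntpath import basename, dirname

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {441EEFAE-249B-4BFD-BDD7-76B2321C5A56} - C:\WINDOWS\system32\MSIMTF32.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [bgnAc] C:\WINDOWS\vthnmip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WinService] c:\windows\system32\explorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

# Assumption: usual home directory of two well-known Windows XP binaries.
EXPECTED_DIR = {"explorer.exe": r"c:\windows", "ctfmon.exe": r"c:\windows\system32"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN = re.compile(r'Run: \[(?P<name>[^\]]*)\] "?(?P<path>[A-Za-z]:\\[^"]+?\.exe)', re.I)

def triage(line):
    """Return review reasons for one HijackThis line (empty list = nothing flagged)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body, reasons = m["code"], m["body"], []
    if body.endswith("(file missing)"):
        reasons.append("orphaned entry: target file missing")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO: look up the CLSID")
    run = RUN.search(body) if code == "O4" else None
    if run:
        path = run["path"].lower()
        exe, folder = basename(path), dirname(path)
        if exe in EXPECTED_DIR and folder != EXPECTED_DIR[exe]:
            reasons.append("system binary name in unexpected directory")
        elif folder == r"c:\windows":
            reasons.append("autostart from Windows root directory")
    return reasons

def report(lines):
    """Map each flagged line to its list of review reasons."""
    return {l: r for l in lines if (r := triage(l))}

if __name__ == "__main__":
    for line, reasons in report(SAMPLE).items():
        print("; ".join(reasons), "<-", line)
```

Legitimate software also trips these rules (drivers that start from the Windows root, security tools that register unnamed BHOs), so each hit still needs the manual lookup the replies in this thread ask for.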
Laughing Madcap Posted 24 April 2006

I often get Errorsafe messages on some websites. Do I have a virus then?
berxter Posted 24 April 2006

Don't hijack someone else's thread... Start a new one, and post a HijackThis log there (link in Zjulik's signature).

Bernt K
gq183 Posted 24 April 2006 (Author)

Thanks for the quick reply, I will get started on this right away!