anders! Skrevet 17. mai 2006 Del Skrevet 17. mai 2006 (endret) Hei! HAr mistanke om at jeg har virus på PCen. Men tenkte jeg skulle snakke med noen flinke folk! Har scanet PCen med spyware doctor og AVG 7.1 (IKKE gratis versjonen). Har skannet med HijackThis. Her er resultat loggen. Hva skal jeg gjøre! Forstår ingenting! Takk for alle svar Anders HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 18:52:44, on 17.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\TBPanel.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\PROGRA~2\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Sondre\MINEDO~1\ASEMBL~1\tracert.exe C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\atmclk.exe C:\Programfiler\Grisoft\AVG7\avgwb.dat D:\Programfiler\Mozilla\firefox.exe D:\Programfiler\Mozilla\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - Default URLSearchHook is missing O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yyjf] C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: .protected O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: .protected O4 - Global Startup: Hurtigstart for Microsoft Office OneNote 2003.lnk = D:\Programfiler\Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~3\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~3\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O15 - Trusted Zone: http://www.sf-anytime.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe EDIT: Er det ingen som kan hjelpe meg med dette? Trenger virkelig hjelp! Endret 17. mai 2006 av AndersdD Lenke til kommentar
anders! Skrevet 17. mai 2006 Forfatter Del Skrevet 17. mai 2006 (endret) Hei! HAr mistanke om at jeg har virus på PCen. Men tenkte jeg skulle snakke med noen flinke folk! Har scanet PCen med spyware doctor og AVG 7.1 (IKKE gratis versjonen). Har skannet med HijackThis. Her er resultat loggen. Hva skal jeg gjøre! Forstår ingenting! Takk for alle svar Anders HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 18:52:44, on 17.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\TBPanel.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\PROGRA~2\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Sondre\MINEDO~1\ASEMBL~1\tracert.exe C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\atmclk.exe C:\Programfiler\Grisoft\AVG7\avgwb.dat D:\Programfiler\Mozilla\firefox.exe D:\Programfiler\Mozilla\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - Default URLSearchHook is missing O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yyjf] C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: .protected O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: .protected O4 - Global Startup: Hurtigstart for Microsoft Office OneNote 2003.lnk = D:\Programfiler\Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~3\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~3\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O15 - Trusted Zone: http://www.sf-anytime.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe EDIT: Er det ingen som kan hjelpe meg med dette? Trenger virkelig hjelp! 6121525[/snapback] Ikke for å mase. Bruker PCen mye og trenger hjelp. Noen svar? Endret 17. mai 2006 av AndersdD Lenke til kommentar
PerB Skrevet 17. mai 2006 Del Skrevet 17. mai 2006 Hvorfor bumpe?? Forøvrigt hva får deg til å tro du har virus? Har scanningen gitt noen resultat? Lenke til kommentar
anders! Skrevet 17. mai 2006 Forfatter Del Skrevet 17. mai 2006 Hvorfor bumpe??Forøvrigt hva får deg til å tro du har virus? Har scanningen gitt noen resultat? 6121864[/snapback] Alle søkene viser 0 skade. Jeg tror jeg har fått virus fordi det hele tiden dukker opp varseltegn nede ved klokken som sier: "System Alert! Spyware and adware: Your computer performance slowed down. Yor internet connection has decreased. You received more spam than ever. Use spwware scan to find out the reason. I tilleg dukker det opp mye mer reklame og popups. Porno og internett kasino det vanligste. Noen som har noe svar? Eller er formatering eneste utvei=(? Anders Lenke til kommentar
berxter Skrevet 17. mai 2006 Del Skrevet 17. mai 2006 (endret) Ha, jeg ser den, jeg, ja. En liten smitfraudvariant. Medisinen du trenger får du hos http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Og Funweb i en Active-Xkontroll. Og en virusinfeksjon, sannsynligvis Nimda(? merkelig, da du har AVG, men slik er det).Her anbefalte jeg Symantecs fjerneverktøy, men jeg tror Ewido er bedre. Forresten tror jeg heller jeg vil be deg om å laste ned Ewido, installere og oppdatere; IKKE kjøre ennå, men fixe følgende med HJT: O4 - HKCU\..\Run: [Yyjf] C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe O4 - Startup: .protected (begge tilfellene) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) C:\WINDOWS\system32\atmclk.exe Så reboote i safe mode (f8 under oppstart), kjør Ewido. Når du har gjort det, kjør ccleaner, så stikker du innom hos Panda Activescan og kjører den. Husk see report og save report. Etterpå legger du ut en blodfersk HJTlogg og Pandaloggen. KJØR ccleaner før Panda, vær så snill! Bernt K Endret 17. mai 2006 av berxter Lenke til kommentar
anders! Skrevet 21. mai 2006 Forfatter Del Skrevet 21. mai 2006 Ha, jeg ser den, jeg, ja. En liten smitfraudvariant. Medisinen du trenger får du hos http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Og Funweb i en Active-Xkontroll. Og en virusinfeksjon, sannsynligvis Nimda(? merkelig, da du har AVG, men slik er det).Her anbefalte jeg Symantecs fjerneverktøy, men jeg tror Ewido er bedre. Forresten tror jeg heller jeg vil be deg om å laste ned Ewido, installere og oppdatere; IKKE kjøre ennå, men fixe følgende med HJT: O4 - HKCU\..\Run: [Yyjf] C:\Documents and Settings\Sondre\Programdata\a?sembly\csrss.exe O4 - Startup: .protected (begge tilfellene) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) C:\WINDOWS\system32\atmclk.exe Så reboote i safe mode (f8 under oppstart), kjør Ewido. Når du har gjort det, kjør ccleaner, så stikker du innom hos Panda Activescan og kjører den. Husk see report og save report. Etterpå legger du ut en blodfersk HJTlogg og Pandaloggen. KJØR ccleaner før Panda, vær så snill! Bernt K 6122179[/snapback] Takk for hjelpen Bernt! Greide det Lenke til kommentar
zjulik Skrevet 21. mai 2006 Del Skrevet 21. mai 2006 (endret) Takk for hjelpen Bernt! Greide det Som Bernt også sier - ny logg plis. Endret 21. mai 2006 av zjulik Lenke til kommentar
anders! Skrevet 22. mai 2006 Forfatter Del Skrevet 22. mai 2006 (endret) Takk for hjelpen Bernt! Greide det Som Bernt også sier - ny logg plis. 6151319[/snapback] Ja her er da loggen etter at jeg har gjort allllt som Bernt sa : Logfile of HijackThis v1.99.1 Scan saved at 10:44:13, on 22.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe C:\Programfiler\ewido anti-malware\ewidoctrl.exe C:\Programfiler\ewido anti-malware\ewidoguard.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\TBPanel.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\PROGRA~2\Grisoft\AVG7\avgcc.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Spyware Doctor\swdoctor.exe D:\Programfiler\Mozilla\firefox.exe D:\Programfiler\Mozilla\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - Default URLSearchHook is missing O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: .protected O4 - Global Startup: .protected O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~3\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~3\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O15 - Trusted Zone: http://www.sf-anytime.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe Får ikke til pandaloggen! Når notisblokken kommer opp står det ingen ting!! Endret 22. mai 2006 av AndersdD Lenke til kommentar
zjulik Skrevet 22. mai 2006 Del Skrevet 22. mai 2006 O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing) Denne kan du krysse av for i Hijackthis og be den fikse. Søppel fra før rensingen. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm Hvis Windows Defender har en "reset internet pages" funksjon - M$ Antispyware hadde det - så gå inn på den. At homepage er satt til about:blank kan være et tegn på infeksjon...ta i alle fall og kryss disse to av for fiks. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå