.com, posted June 8, 2006
Hi there, yesterday I got a virus. It left me without internet access, cmd is suddenly "not a valid Win32 program", and Task Manager is apparently being used by another program? I ran a virus scan with avast!, but it couldn't repair the files, so I tried deleting them, which of course didn't help, so I did a System Restore. Now I have internet, but the problems with cmd and Task Manager are still there, and LimeWire starts again every time I close it. Can anyone help?

berxter, posted June 8, 2006
Did you run avast in safe mode? If not, try that (F8 during boot).
Bernt K

.com (author), posted June 8, 2006
scanned during startup... btw, here is a HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:32:15, on 08.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FELLES~1\Stardock\SDMCP.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\GrabClipSave\GrabClipSave.exe
C:\Programfiler\Eraser\eraser.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Hamachi\hamachi.exe
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\taskmgr.exe
C:\Programfiler\Samurize\Client.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\UltimateZip\uzqkst.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\iTunes\iTunes.exe
C:\Programfiler\limewire\limewire.exe
C:\Documents and Settings\Anders\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programfiler\NewDotNet\newdotnet7_22.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programfiler\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Programfiler\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Eraser] "C:\Programfiler\Eraser\eraser.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MetaCafe.lnk = C:\Programfiler\Metacafe\MetacafeAgent.exe
O4 - Startup: Samurize.lnk = C:\Programfiler\Samurize\Client.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programfiler\UltimateZip\uzqkst.exe
O4 - Global Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Global Startup: MediaKey.lnk = C:\Programfiler\MediaKey\MagicRun.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programfiler\Metacafe\MetacafeAgent.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149531061109
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C98B03-5784-49BE-BCB2-2A79ACAFD808}: NameServer = 10.0.0.254
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programfiler\Fellesfiler\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

.com (author), posted June 8, 2006
hmm... strange location for taskmgr...

berxter, posted June 8, 2006 (edited)
Classic! Mywebsearch and new.net. Start by checking whether you can uninstall Mywebsearch / Mysearch / Smiley Central / other Funweb stuff in the Control Panel. Then download SpyBot and Adaware and run them. Spybot alone often handles this job. It will probably want to do a pass at the next boot, and you must let it. You are sadly right that taskmgr.exe is in a strange place; we'll see whether Spybot/Adaware does anything about it, otherwise we'll have to throw e.g. Ewido at it. Don't forget to run Ccleaner now and then during the process... CrazyTalk is also somewhat dubious, since it is partly ad-based; I would at any rate get rid of it right away. Afterwards, post a brand-new HJT log, and we'll see whether stronger measures are needed.
Bernt K
Edited June 8, 2006 by berxter

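The check both posters make by eye on taskmgr.exe, as an added example that is not part of the original thread: a small Python script that reads HijackThis-style lines and reports Windows tools that run from, or sit in, a location other than their usual one. The `EXPECTED_DIRS` table and the function name are assumptions made for the example; the sample lines are copied from the first log in the thread.

```python
import re
from pathlib import PureWindowsPath

# Windows XP tools and the only directories they belong in. Assumption for
# this example: a short illustrative list, not a complete inventory.
EXPECTED_DIRS = {
    "taskmgr.exe": {r"c:\windows\system32"},
    "cmd.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "regedit.exe": {r"c:\windows"},
    "explorer.exe": {r"c:\windows"},
}

# A drive-letter path ending in .exe (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.exe\b', re.IGNORECASE)
# "O4 - Startup:" / "O4 - Global Startup:" lines list files in a Startup folder.
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+?)(?: = .*)?$")

# Lines copied from the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\taskmgr.exe
C:\Programfiler\limewire\limewire.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Global Startup: taskmgr.exe
"""


def find_masquerading(log_text):
    """Return (line number, file name, reason) for each suspicious entry."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()

        # Case 1: a full path whose file name is a system tool but whose
        # directory is not one of the directories that tool belongs in.
        for match in PATH_RE.finditer(line):
            path = PureWindowsPath(match.group(0))
            name = path.name.lower()
            folder = str(path.parent).lower()
            if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
                findings.append(
                    (number, name, "unexpected directory: " + str(path.parent))
                )

        # Case 2: a Startup-folder entry that is itself named like a system
        # tool (a real executable there, instead of a .lnk shortcut).
        startup = STARTUP_RE.match(line)
        if startup:
            item = startup.group("item").lower()
            if item in EXPECTED_DIRS:
                findings.append(
                    (number, item, "executable placed directly in a Startup folder")
                )
    return findings


if __name__ == "__main__":
    for number, name, reason in find_masquerading(SAMPLE_LOG):
        print(f"line {number}: {name}: {reason}")
```
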
.com (author), posted June 8, 2006 (edited)
here is a new log after scanning with Spybot, Ad-Aware and avast:
btw: Task Manager works now, after manually deleting the strange "replacement", but cmd and regedit don't

Logfile of HijackThis v1.99.1
Scan saved at 18:15:51, on 08.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FELLES~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\GrabClipSave\GrabClipSave.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Eraser\eraser.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Hamachi\hamachi.exe
C:\Programfiler\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Samurize\Client.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\UltimateZip\uzqkst.exe
C:\Documents and Settings\Anders\Skrivebord\HijackThis.exe
C:\Programfiler\Alwil Software\Avast4\setup\avast.setup

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Suger
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programfiler\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Programfiler\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Eraser] "C:\Programfiler\Eraser\eraser.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Programfiler\Metacafe\MetacafeAgent.exe
O4 - Startup: Samurize.lnk = C:\Programfiler\Samurize\Client.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programfiler\UltimateZip\uzqkst.exe
O4 - Global Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Global Startup: MediaKey.lnk = C:\Programfiler\MediaKey\MagicRun.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programfiler\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149531061109
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C98B03-5784-49BE-BCB2-2A79ACAFD808}: NameServer = 10.0.0.254
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programfiler\Fellesfiler\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

Edited June 8, 2006 by .com

berxter, posted June 8, 2006
Not quite finished yet.. Have HJT fix these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
Do you recognize this one?
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
If not, fix it with HJT.
This IP address?
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C98B03-5784-49BE-BCB2-2A79ACAFD808}: NameServer = 10.0.0.254
Same here.
Since you still have problems with some commands, I recommend that you do the following:
- Download Ewido, update it and run it in safe mode (it is excellent at what it does).
- Do a round of ccleaner
- Run a Panda Activescan (you may have to use IE....), and remember "see report" and "save report". Panda gives a splendid log. If Panda turns up any muck, post the log.
Bernt K

.com (author), posted June 8, 2006
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm, this is a program for changing the wallpaper automatically. going to try ewido, ccleaner and panda now

.com (author), posted June 8, 2006
ok, now I've run all of it and found heaps of crap, but cmd and regedit still don't work... the only thing is that I can't get panda to run

berxter, posted June 8, 2006
Panda depends on ActiveX, so maybe that's where... Can we see the log Ewido made?
Bernt K

.com (author), posted June 8, 2006 (edited)
of course..... the text gets too long so I'm attaching the file
Scan_report_20060608.txt.txt
Edited June 8, 2006 by .com

berxter, posted June 8, 2006 (edited)
Goodness gracious. I forgot to say that you should have unchecked Additional Options->"install background guard" and "Install scan via context menu" when you installed Ewido. Run Ccleaner, so that at least the cookies disappear. Remember to uncheck "only remove files older than 48 hours" under options->advanced. We'll try Spysweeper and see if it finds anything. As far as I know there is a free trial period. Try again to get into Panda, because of the quality of the log. Use regedit and delete this key if it is there:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: "outlook" = "%ProgramFiles%\outlook\outlook.exe /auto"
Then we'd like to see a piping-fresh Ewido log, and preferably a Spysweeper log and a Panda log.
Bernt K
Edited June 8, 2006 by berxter

.com (author), posted June 8, 2006
can't get into regedit...

berxter, posted June 8, 2006
Oops, overlooked that one... Try in safe mode, and while you're there run Ewido again.
Bernt K

.com (author), posted June 8, 2006
running spy sweeper now, and it looks like it's finding some of what I thought I had deleted before.... will try that in safe mode and ewido tomorrow, going to bed now...

.com (author), posted June 9, 2006
here is the spysweeper log:

********
22:41: | Start of Session, 8. juni 2006 |
22:41: Spy Sweeper started
22:41: Sweep initiated using definitions version 695
22:41: Starting Memory Sweep
22:45: Memory Sweep Complete, Elapsed Time: 00:04:23
22:45: Starting Registry Sweep
22:45: Found Adware: accoona toolbar
22:45: HKCR\asearchassist.adefaultsearch\ (5 subtraces) (ID = 520489)
22:45: HKCR\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\ (9 subtraces) (ID = 520538)
22:45: HKLM\software\classes\asearchassist.adefaultsearch\ (5 subtraces) (ID = 520749)
22:45: HKLM\software\classes\asearchassist.adefaultsearch.1\ (3 subtraces) (ID = 520755)
22:45: HKCR\asearchassist.adefaultsearch.1\ (3 subtraces) (ID = 954985)
22:45: HKCR\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (4 subtraces) (ID = 954998)
22:45: HKLM\software\classes\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (4 subtraces) (ID = 955055)
22:45: HKLM\software\classes\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\ (9 subtraces) (ID = 955503)
22:45: Found Adware: dealbar toolbar
22:45: HKU\WRSS_Profile_S-1-5-21-4042235189-1037255959-764146366-1007\software\activshopper\ (4 subtraces) (ID = 726282)
22:45: HKU\WRSS_Profile_S-1-5-21-4042235189-1037255959-764146366-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {3d782bb3-f2a5-11d3-bf4c-000000000000} (ID = 826103)
22:45: HKU\WRSS_Profile_S-1-5-21-4042235189-1037255959-764146366-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {bfa03761-5565-41b3-93d9-82b354c0a8ec} (ID = 826846)
22:45: Found Trojan Horse: netbus
22:45: HKU\S-1-5-21-4042235189-1037255959-764146366-1006\netbus\ (ID = 135895)
22:45: Registry Sweep Complete, Elapsed Time:00:00:10
22:45: Starting Cookie Sweep
22:45: Found Spy Cookie: mywebsearch cookie
22:45: johan@mywebsearch[1].txt (ID = 3051)
22:45: Found Spy Cookie: xiti cookie
22:45: johan@xiti[1].txt (ID = 3717)
22:45: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:45: Starting File Sweep
22:46: Found Adware: whenu savenow
22:46: c:\programfiler\vvsn (ID = -2147480376)
22:46: Found System Monitor: ghostkeylogger
22:46: gkldemo.exe (ID = 61709)
22:52: Found Adware: linkmaker
22:52: preuninstallhl.exe (ID = 255545)
23:02: Found Adware: targetsaver
23:02: class-barrel (ID = 78229)
23:03: Found Adware: shopathomeselect
23:03: intlib.bin (ID = 131688)
23:04: vocabulary (ID = 78283)
23:14: Found System Monitor: free key logger
23:14: sfklgcp.exe (ID = 206954)
23:18: Found Trojan Horse: trojan downloader matcash
23:18: mc-110-12-0000140.exe (ID = 294587)
23:21: Found Adware: command
23:21: kqc4trlw.vbs (ID = 185675)
23:25: File Sweep Complete, Elapsed Time: 00:39:56
23:25: Full Sweep has completed. Elapsed time 00:44:35
23:25: Traces Found: 69
07:28: Removal process initiated
07:28: Quarantining All Traces: free key logger
07:28: Quarantining All Traces: ghostkeylogger
07:28: Quarantining All Traces: trojan downloader matcash
07:28: Quarantining All Traces: linkmaker
07:28: Quarantining All Traces: netbus
07:28: Quarantining All Traces: shopathomeselect
07:28: Quarantining All Traces: targetsaver
07:28: Quarantining All Traces: accoona toolbar
07:28: Quarantining All Traces: command
07:28: Quarantining All Traces: dealbar toolbar
07:28: Quarantining All Traces: mywebsearch cookie
07:28: Quarantining All Traces: whenu savenow
07:28: Quarantining All Traces: xiti cookie
07:28: Removal process completed. Elapsed time 00:00:15
07:28: Sent error log: C:\Documents and Settings\Anders\Programdata\Webroot\Spy Sweeper\Logs\bugreport.txt

zjulik, posted June 9, 2006
Well, well. That looks promising! A CCleaner clean-up and then a new HijackThis log.

.com (author), posted June 9, 2006 (edited)
piping-fresh hijackthis log in your honor
damn, how big it has to be
forgot the file...
hijackthis.doc
Edited June 9, 2006 by .com

zjulik, posted June 9, 2006
Looks nice now. Are you satisfied yourself - no problems? Or are there settings that need repairing? What about regedit - does it work now?
Otherwise I'm wondering about this one:
O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe /startup
Probably part of something you have installed?
By the way, you are a bit behind on Java - you have 1.504. Update yours to the latest, 1.5.07: http://www.java.com/en/download/manual.jsp

berxter, posted June 9, 2006
Awfully early you're at it, aren't you! Agree with Zjulik, there doesn't seem to be anything more to find with HJT. Same question as him?
Bernt K