Bus07ter Skrevet 31. januar 2007 Del Skrevet 31. januar 2007 Hei, Jeg har kjørt AVG og Ad-Aware i vanlig modus og sikker modus og fant mye ille, nå er det fjernet. Men fortsatt viser bruk av CPU 100%. Når jeg kjører i sikker modus er alt ok. Her er Hijack loggen. På forhånd takk Logfile of HijackThis v1.99.1 Scan saved at 8:53:43 PM, on 01/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\DOCUME~1\Kunde\LOKALE~1\Temp\Rar$EX01.169\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Helper Class - {00D13CE9-1879-41bd-B8A3-EA3CB1BD01BC} - C:\WINDOWS\system32\helper1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B22DFA8-897F-4D73-8300-FFABA1833ADa} - C:\WINDOWS\system32\lml.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\DOCUME~1\Kunde\LOKALE~1\Temp\tmp3.tmp.dll O2 - BHO: (no name) - {70fd1cb7-7b01-4d1c-8b1c-0c02f4bf7ae5} - C:\WINDOWS\system32\kbdics.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {A0979818-4CDD-471C-9CC7-C817BC6AEDDB} - C:\WINDOWS\system32\nehp.dll (file missing) O2 - BHO: (no name) - {D70C109C-077F-47BB-8DAE-B6D841D6B027} - C:\WINDOWS\system32\lml.dll O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar\01.01.2607.0\no\msntb.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programfiler\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programfiler\Yahoo!\Common/ycmap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programfiler\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32\win_v72.dll O20 - Winlogon Notify: kbdics - kbdics.dll (file missing) O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing) O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll (file missing) O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: GoogleDesktopManager - Unknown owner - C:\Programfiler\Google\Google Desktop Search\GoogleDesktopManager.exe (file missing) O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe O23 - Service: Network DDE Information - Unknown owner - C:\WINDOWS\svchost.exe (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Lenke til kommentar
Bus07ter Skrevet 31. januar 2007 Forfatter Del Skrevet 31. januar 2007 Kjørte Hijack analyse som beskrevet i guide her og nå er det som før, guiden virket. Lenke til kommentar
norbat Skrevet 31. januar 2007 Del Skrevet 31. januar 2007 Kjørte Hijack analyse som beskrevet i guide her og nå er det som før, guiden virket. 7843903[/snapback] Det skader ikke å poste en ny HJT-logg Lenke til kommentar
Bus07ter Skrevet 1. februar 2007 Forfatter Del Skrevet 1. februar 2007 Hei, Maskinen virket ok bare til neste oppstart, nå er den som sirup igjen. Logfile of HijackThis v1.99.1 Scan saved at 6:37:19 PM, on 02/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\svchost.exe C:\Norman\Npf\BIN\NPFSVICE.EXE C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\taskmgr.exe C:\Norman\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\system32\wuauclt.exe C:\Norman\Nvc\bin\cclaw.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Npf\BIN\npfmsg2.exe C:\Documents and Settings\Kunde\Skrivebord\heiho\Thomas.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B22DFA8-897F-4D73-8300-FFABA1833ADa} - C:\WINDOWS\system32\lml.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {D70C109C-077F-47BB-8DAE-B6D841D6B027} - C:\WINDOWS\system32\lml.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programfiler\IrfanView\Ebay\Ebay.htm O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Lenke til kommentar
norbat Skrevet 1. februar 2007 Del Skrevet 1. februar 2007 Sørg for at du kan se skjulte filer og mapper (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper") Oppdater AVG Antispyware Hent DrWeb Kjør HJT og fix: O2 - BHO: (no name) - {0B22DFA8-897F-4D73-8300-FFABA1833ADa} - C:\WINDOWS\system32\lml.dll O2 - BHO: (no name) - {D70C109C-077F-47BB-8DAE-B6D841D6B027} - C:\WINDOWS\system32\lml.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe Restart pc i sikker modus (tapp f8 under oppstart) Bruk utforsker, og se om du kan finne og slette (i bold): C:\WINDOWS\system32\lml.dll C:\WINDOWS\system32\rpcc.dll c:\windows\system32\msvcrtd.exe Kjør drweb-cureit.exe (si ja til å kjøre en express scan) Når dette er ferdig klikker du på Option -> Change settings. Under fanearket Scan, fjerner du haken ved Heuristic analysis. Under fanearket Actions, skal alle punkt under Malware settes til Rename. Velg partisjon du vil scanne og klikk deretter på den grønne pilen for å starte scanningen. Velg "yes to all" når det finner noe for første gang. Kjør deretter en full scan med AVGas Restart i normal modus og post en ny HJT-logg Lenke til kommentar
Bus07ter Skrevet 2. februar 2007 Forfatter Del Skrevet 2. februar 2007 Hei igjen, det går ikke fort med meg, Logfile of HijackThis v1.99.1 Scan saved at 9:03:03 PM, on 02/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Norman\Npf\BIN\NPFSVICE.EXE C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\Norman\bin\NJEEVES.EXE C:\WINDOWS\system32\wuauclt.exe C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Documents and Settings\Kunde\Skrivebord\heiho\Thomas.exe C:\Documents and Settings\Kunde\Skrivebord\heiho\Thomas.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programfiler\IrfanView\Ebay\Ebay.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O20 - AppInit_DLLs: C:\WINDOWS\system32\syst4k.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Denne filen fjerner jeg i sikker modus og da blir den borte, men etter restart så er den der igjen: c:\windows\system32\msvcrtd.exe Ellers virker PC'en ok nå Lenke til kommentar
norbat Skrevet 2. februar 2007 Del Skrevet 2. februar 2007 (endret) Klikk: Start->Kjør, skriv: sc delete msupdate Last ned cwshredder, pakk det ut og kjør programmet. Kjør HJT og fix: O20 - AppInit_DLLs: C:\WINDOWS\system32\syst4k.dll Restart pc'n Post en ny HJT-logg Endret 2. februar 2007 av norbat Lenke til kommentar
Bus07ter Skrevet 2. februar 2007 Forfatter Del Skrevet 2. februar 2007 Nå ble den også borte tror jeg. Logfile of HijackThis v1.99.1 Scan saved at 10:57:39 PM, on 02/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Norman\Npf\BIN\NPFSVICE.EXE C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Documents and Settings\Kunde\Skrivebord\heiho\Thomas.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programfiler\IrfanView\Ebay\Ebay.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Lenke til kommentar
norbat Skrevet 2. februar 2007 Del Skrevet 2. februar 2007 (endret) Loggen er ren Hvis du kjører 2 antivirusprogram (Norman / AVG), avinstallerer du den ene. Du kan oppdatere javaen til siste versjon Det kan være lurt å nullstille gjenopprettingsmappa slik at man ikke blir infisert ved en evt. systemgjenoppretting. (Kontrollpanel->system->systemgjenoppretting . Sett hake framfor "Slå av .......", restart pc, fjern haken) Etterpå lager du deg et gjenopprettingspunkt manuelt (Tilbehør->systemverktøy->systemgjenoppretting . Velg å opprette et nytt. Navgi det og klikk opprett) Hvordan kjører forøvrig pc'n? Endret 2. februar 2007 av norbat Lenke til kommentar
Bus07ter Skrevet 3. februar 2007 Forfatter Del Skrevet 3. februar 2007 Den virker bra, nå leser jeg på forumet hvordan få raskere oppstart. Tusen takk til deg Norbat, du har virkelig greie på dette Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå