ZlaleX, posted 8 March 2007

Hi. I have a friend who is struggling with his PC. Could someone just go over the log and look for problems?

Logfile of HijackThis v1.99.1
Scan saved at 22:02:36, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\CyberLink\Power2Go\Power2GoExpress.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Norman\Nvc\BIN\NPFSVICE.EXE
C:\Programfiler\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Norman\Bin\Zanda.exe
C:\Programfiler\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Grisoft\AVG7\avgwb.dat
C:\Programfiler\alex\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programfiler\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05566DFA-8295-4EB7-B0E4-A8D009497104}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{340C1AAB-5BD3-45F7-96C5-9D57002ACA16}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{4431B6A3-B928-43A9-AD52-720AC8988D6E}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F2264DE-4243-4972-9297-F853B214F7C8}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{89138AD3-1DB0-4BBD-B401-FE73AF424CB0}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7607F6B-8B1A-4AB4-A7AD-3DC7850A4581}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{F123E1C4-5149-45B7-A100-D2C77C1C23DA}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA61F95E-D1A7-405C-A48D-E07BBE634958}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.118 85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{05566DFA-8295-4EB7-B0E4-A8D009497104}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.118 85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\..\{05566DFA-8295-4EB7-B0E4-A8D009497104}: NameServer = 85.255.115.118,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.118 85.255.112.199
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\commserv.exe (file missing)
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
norbat, posted 8 March 2007 (edited)

Download Fixwareout. Save the file to the desktop and double-click it. Click Next -> Install. Make sure 'Run fixit' is checked. Click Finish and the fix will start. Follow the instructions. Restart the PC when you are asked to. Startup will take a little longer than normal ..... Once the PC has restarted, just follow the instructions that appear on the screen.

Run HJT, tick the following lines and click 'Fix checked':

All the O17 lines
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\commserv.exe (file missing)

Restart the PC.

Post a new HJT log together with the log from Fixwareout (C:\fixwareout\report.txt)

Edited 8 March 2007 by norbat
ZlaleX (author), posted 8 March 2007

Hijack

Logfile of HijackThis v1.99.1
Scan saved at 22:37:29, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Norman\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\alg.exe
C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\CyberLink\Power2Go\Power2GoExpress.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Valve\Steam\Steam.exe
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Programfiler\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Xfire\Xfire.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\alex\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programfiler\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137417613093
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

Fixwareout

HKLM\SOFTWARE\~\Winlogon\ "System"="kdjiy.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdjiy.ren 63347 04.08.2004

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NVMixerTray"="\"C:\\Programfiler\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"Gainward"="C:\\WINDOWS\\TBPanel.exe /A"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NeroCheck.exe"
"RemoteControl"="C:\\Programfiler\\CyberLink\\PowerDVD\\PDVDServ.exe"
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\\Programfiler\\CyberLink\\PowerBackup\\PBKScheduler.exe"
"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"ccApp"="\"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programfiler\\Norton Internet Security\\osCheck.exe\""
"DAEMON Tools"="\"C:\\Programfiler\\DAEMON Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NMBgMonitor.exe\""
"Power2GoExpress"="\"C:\\Programfiler\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"msnmsgr"="\"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe\" /background"
"Steam"="C:\\Programfiler\\Valve\\Steam\\\\Steam.exe -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»
norbat, posted 8 March 2007

Hi there,

A few small things left.... I believe I can see several antivirus programs on the PC. Remove all but 1.

Download SAS, install it and update it.
Download CCleaner and install it.

Use Explorer to find and delete (in bold):
C:\WINDOWS\Temp\kdjiy.ren

Run HJT, tick the following lines and click 'Fix checked':
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

Run a clean with CCleaner, as well as 'Saker' (Issues) a few times.
Run a 'Complete scan' with SAS.

Then post a log from SAS (preferences->statistics/logs) + a new HJT log.

I assume you are aware of the poker program that is on the PC? (pacificpoker.exe)
ZlaleX (author), posted 8 March 2007

But isn't SAS considered to be a bit worse than other antivirus programs? I think I read that. CCleaner has been run a couple of times. I don't know anything about the poker stuff, since it's not my PC.
norbat, posted 8 March 2007

SAS is antispyware, not antivirus. The person in question has several antivirus programs (Norman, Norton, AVG) on the PC and should remove all but 1. Otherwise, follow the rest of the instructions.
ZlaleX (author), posted 8 March 2007

Okay. Thanks a lot for the help, by the way. Logs are coming shortly.