brusno Skrevet 16. mars 2007 Del Skrevet 16. mars 2007 Har fått ett lite problem på dataen min. Når jeg starter opp, så åpnes det en masse sider i IE, bl.a. www.gozobil.lx.ro I tillegg kommer en lyd som gjentar seg ved jevne mellomrom, ett bip. Legger ved Hijackthis rapport: Logfile of HijackThis v1.99.1 Scan saved at 22:42:42, on 15.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\Rainlendar\Rainlendar.exe C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\WgaTray.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe C:\WINDOWS\system32\winlogin.exe C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe C:\Programfiler\jakt\jakt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sitedirector.symantec.com/932743328...d=003&vendtag=0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PMCS] "C:\Programfiler\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programfiler\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles O4 - HKLM\..\Run: [PMCRemote] C:\Programfiler\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [PMCS] "C:\Programfiler\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programfiler\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programfiler\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programfiler\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programfiler\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe Håper noen kan hjelpe. Lenke til kommentar
norbat Skrevet 16. mars 2007 Del Skrevet 16. mars 2007 (endret) Hent cws, installer. Oppdater og scan/fix. Hent CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer.......". Lukk programmet. Hent SAS, installer og oppdater. Lukk programmet. Sørg for at du kan se skjulte filer og mapper (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper") Start HJT, sett merke framfor følgende linjer og klikk 'Fix checked': R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://www.gozobil.lx.ro R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.gozobil.lx.ro R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://www.gozobil.lx.ro R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.gozobil.lx.ro F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe Restart i sikker modus (tapp F8 under oppstart, velg sikker modus) Bruk utforsker til å finne og slett (i fet): C:\WINDOWS\system32\winlogin.exe <-Se nøye på filnavnet!! Kjør CWS igjen. Kjør en rens med CCleaner. Kjør en 'Complete scan' med SAS Restart i normal tilstand. Post en ny HJT-logg + loggen fra SAS (preferences -> statistics/logs) Endret 16. mars 2007 av norbat Lenke til kommentar
brusno Skrevet 16. mars 2007 Forfatter Del Skrevet 16. mars 2007 Ok, nå har jeg prøvd det du har foreslått, og de irriterende greiene har faktisk forsvunnet Så da vil jeg takke for at du hjalp meg. Ny Hijackthis logg: Logfile of HijackThis v1.99.1 Scan saved at 18:09:21, on 16.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\WINDOWS\system32\WgaTray.exe C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Programfiler\Rainlendar\Rainlendar.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\jakt\jakt.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sitedirector.symantec.com/932743328...d=003&vendtag=0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PMCS] "C:\Programfiler\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programfiler\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles O4 - HKLM\..\Run: [PMCRemote] C:\Programfiler\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [PMCS] "C:\Programfiler\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programfiler\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programfiler\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programfiler\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programfiler\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe SAS logg: SUPERAntiSpyware Scan Log Generated 03/16/2007 at 05:27 PM Application Version : 3.6.1000 Core Rules Database Version : 3201 Trace Rules Database Version: 1212 Scan type : Quick Scan Total Scan Time : 00:09:24 Memory items scanned : 732 Memory threats detected : 0 Registry items scanned : 767 Registry threats detected : 5 File items scanned : 12404 File threats detected : 27 Adware.Tracking Cookie C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@clicksor[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@1072684359[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@dynamicsitestats[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][2].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@cgi-bin[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@1072386779[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@cgi-bin[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@xiti[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@tacoda[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@adsrevenue[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@partypoker[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@yadro[1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@hypertracker[2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][2].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona [email protected][1].txt C:\Documents and Settings\Mona Terese\Cookies\mona terese@1068557993[2].txt Registry Cleaner Trial HKCR\Install.Install HKCR\Install.Install\CLSID HKCR\Install.Install\CurVer HKCR\Install.Install.1 HKCR\Install.Install.1\CLSID Trojan.Service C:\WINDOWS\SYSTEM32\DRIVERS\ETC\SERVICE.EXE Trojan.WinUp C:\WINDOWS\SYSTEM32\DRIVERS\ETC\WIN32.DLL Lenke til kommentar
norbat Skrevet 16. mars 2007 Del Skrevet 16. mars 2007 (endret) Hei, HJT-loggen ser fin ut Du bør slå av "vis skjulte filer og mapper" igjen slik at du ikke ved en feil sletter viktige systemfiler. Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av .....", restart pc, fjern merket igjen for å aktivere funksjonen. Etterpå lager du deg et gjenopprettingspunkt manuelt Tilbehør->systemverktøy->systemgjenoppretting . Velg å opprette et nytt. Navgi det og klikk opprett. Du kan også vurdere å kjøre en 'complete scan' med SAS (ikke bare en quick scan). Hvis du synes Yahoo toolbar er en flott sak, skal du selvfølgelig beholde den. Om ikke, bort med den Får du behov for hjelp med spyware etc., vet du hvilket forum du skal bruke. PS. IE har kommet ut med v. 7.0. Anbefaler deg å hente den. Endret 16. mars 2007 av norbat Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå