hautainn, posted 28 March 2007: Found 4 different trojans on the PC. Tried to find some info about them, and found out that they might possibly be keyloggers. I have attached a .gif image showing the exact name/location of the trojans. Does anyone know what I have to do to remove them? Norman antivirus has put them in quarantine for now.
hautainn (author), posted 28 March 2007: I can probably remove them with Norman, but is it safe? I'm wondering whether it could be a necessary file that the machine needs?
hautainn (author), posted 28 March 2007: I have found the registry file through regedit: REG_SZ MachineGuid {0278A165-64C1-4B04-8AB8-2FFF09713102} Can I safely delete this?
norbat, posted 28 March 2007: The files that were found are located in System Restore. You can reset the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then remove the tick again to re-enable the function. Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create. Afterwards you can follow a simple guide for a closer check: https://www.diskusjon.no/index.php?showtopic=691246
hautainn (author), posted 29 March 2007 (edited): Thanks. Downloaded HijackThis. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 08:12:57, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\NVC\Bin\Nvcut.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sebastian-rosten.l\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://itsl.ntvgs.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: STOPzilla***
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranett.ntvgs.no/
O16 - DPF: DirectEdit - https://www.its-learning.com//file/DirectEdit.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://intranett.ntvgs.no/meny/Activex/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ntvgs.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Audit (MASEL) - Unknown owner - C:\SYS.000\Evl.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe

Edit: adding the report from the AVG scan

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 09:10:14 29/03/2007
+ Scan result:
C:\WINDOWS\vgraph.dll -> Adware.Webdir : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : No action taken.
HKU\S-1-5-21-790525478-1644491937-682003330-62552\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : No action taken.
Edited 29 March 2007 by hautainn
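Added example, not part of the original thread: a small Python triage pass over HijackThis and AVG Anti-Spyware output like the logs posted above, flagging entries whose target file is missing, core Windows binary names running outside System32, and autostart entries that the scanner report also names by path or CLSID. The sample lines are excerpted from the log above; the `SYSTEM32_ONLY` list and the function names are assumptions made for this illustration.

```python
import ntpath
import re

# Assumption: core Windows binaries that legitimately run only from System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "spoolsv.exe"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)(?![A-Za-z0-9])', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ")           # R0, O2, O23, ...
AVG_RE = re.compile(r"^(?P<obj>.+?) -> (?P<sig>\S+) : ")

# Excerpt of the HijackThis log posted above.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O23 - Service: Event Log Audit (MASEL) - Unknown owner - C:\SYS.000\Evl.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe
"""

# Excerpt of the AVG Anti-Spyware report posted above.
SAMPLE_AVG = r"""
C:\WINDOWS\vgraph.dll -> Adware.Webdir : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : No action taken.
"""


def parse_avg(report):
    """Map each detected object (lower-cased path or CLSID) to its signature."""
    hits = {}
    for line in report.splitlines():
        m = AVG_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("obj"))
        key = clsid.group(0) if clsid else m.group("obj")
        hits[key.lower()] = m.group("sig")
    return hits


def triage(hjt_log, avg_report=""):
    """Return (reason, section, line) tuples for log lines worth a closer look."""
    detections = parse_avg(avg_report)
    findings = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m and not PATH_RE.fullmatch(line):
            continue                      # header or blank line
        section = m.group(1) if m else "PROC"
        paths = PATH_RE.findall(line)

        # 1. Registration that points at a file no longer on disk.
        if "(file missing)" in line or "(no file)" in line:
            findings.append(("orphaned", section, line))

        # 2. System binary name used from a directory other than System32.
        for p in paths:
            name = ntpath.basename(p).lower()
            parent = ntpath.basename(ntpath.dirname(p)).lower()
            if name in SYSTEM32_ONLY and parent != "system32":
                findings.append(("masquerade", section, line))
                break

        # 3. Entry whose path or CLSID the scanner report also flagged.
        keys = [p.lower() for p in paths]
        keys += [c.lower() for c in CLSID_RE.findall(line)]
        for sig in sorted({detections[k] for k in keys if k in detections}):
            findings.append(("scanner:" + sig, section, line))
    return findings


if __name__ == "__main__":
    for reason, section, line in triage(SAMPLE_HJT, SAMPLE_AVG):
        print(f"[{reason}] ({section}) {line}")
```

A flag here is a reason to inspect the entry, not a verdict: the "orphaned" check also fires on leftovers from uninstalled software.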
hautainn (author), posted 29 March 2007 (edited): Posting my log here too.
Edited 29 April 2007 by Marley
norbat Posted 29 March 2007 (edited) See your original post https://www.diskusjon.no/index.php?showtopi...5entry8264025 Edited 29 March 2007 by norbat
norbat Posted 29 March 2007 (edited) Download Combofix and put it on the desktop. Run Combofix. When the program has finished, a log file opens: combofix.txt, which you will post later. Run AVGas again and let the program delete what it finds. Then post a new HJT log + the log from Combofix. EDIT: Combofix link corrected. Edited 29 March 2007 by norbat
Lambada Posted 29 March 2007 norbat: I've noticed you a bit lately. You help a great many people who have problems, especially with viruses/registry errors and the like. Very good, keep it up!!
Tore Posted 29 March 2007 (edited) The AVG report shows a bunch of tracking cookies from Firefox... They are not dangerous (most of the time, as long as you don't visit porn sites and the like). You can/should also use AD-Aware SE & SpyBot - Search and destroy... Both are independent free programs for finding and removing adware, spyware, malware and other nasties that antivirus programs don't necessarily find or consider dangerous... EDIT: yes, norbat gets a + in the "moderator helper" from me, great.. Edited 29 March 2007 by Scorpioen84
hautainn (author) Posted 29 March 2007 (edited)
Quote: Download Combofix and put it on the desktop. Run Combofix. When the program has finished, a log file opens: combofix.txt, which you will post later. Run AVGas again and let the program delete what it finds. Then post a new HJT log + the log from Combofix.
The link is dead, I can't find any download sites for Combofix. Edit: managed to download it from http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe Edited 29 March 2007 by hautainn
hautainn (author) Posted 29 March 2007
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:43 07-03-29
+ Scan result:
C:\System Volume Information\_restore{0278A165-64C1-4B04-8AB8-2FFF09713102}\RP1\A0000001.dll -> Adware.Webdir : No action taken.
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 12:45, on 07-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Documents and Settings\sebastian-rosten.l\Skrivebord\ComboFix.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\sebastian-rosten.l\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: STOPzilla***
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranett.ntvgs.no/
O16 - DPF: DirectEdit - https://www.its-learning.com//file/DirectEdit.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://intranett.ntvgs.no/meny/Activex/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ntvgs.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Event Log Audit (MASEL) - Unknown owner - C:\SYS.000\Evl.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

"sebastian-rosten.l" - 07-03-29 12:44:38 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\sebastian-rosten.l\Skrivebord"

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))

2007-03-29 08:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 00:05 <DIR> dr-h----- C:\DOCUME~1\SEBAST~1.L\Siste
2007-03-16 13:20 <DIR> d-------- C:\DOCUME~1\SEBAST~1.L\Contacts
2007-03-16 13:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-16 13:18 <DIR> d-------- C:\Programfiler\Windows Defender
2007-03-16 13:16 <DIR> d-------- C:\Programfiler\MSN Messenger

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-28 22:42 -------- d-------- C:\DOCUME~1\SEBAST~1.L\PROGRA~1\utorrent
2007-03-28 21:32 -------- d-------- C:\Programfiler\spywareblaster
2007-03-28 19:28 -------- d-------- C:\Programfiler\warcraft iii
2007-03-28 16:27 -------- d-------- C:\Programfiler\swiftswitch
2007-03-25 13:13 59210 --a------ C:\WINDOWS\system32\perfc014.dat
2007-03-25 13:13 382282 --a------ C:\WINDOWS\system32\perfh014.dat
2007-03-20 14:21 56909522 --a------ C:\Programfiler\stepmania.rar
2007-03-20 12:30 -------- d-------- C:\Programfiler\stepmania
2007-03-16 22:33 -------- d-------- C:\DOCUME~1\SEBAST~1.L\PROGRA~1\dvdcss
2007-03-10 01:17 -------- d-------- C:\Programfiler\steam
2007-03-09 21:16 -------- d-------- C:\Programfiler\wc3banlist
2007-02-24 08:32 -------- d-------- C:\DOCUME~1\SEBAST~1.L\PROGRA~1\launchy
2007-02-23 16:29 -------- d-------- C:\Programfiler\openoffice.org 2.1
2007-02-23 15:09 -------- d-------- C:\DOCUME~1\SEBAST~1.L\PROGRA~1\openoffice.org2
2007-02-22 23:32 -------- d-------- C:\Programfiler\poweriso
2007-02-16 09:33 22782 --a------ C:\WINDOWS\system32\uninstxviddec.exe
2007-02-15 14:59 -------- d-------- C:\Programfiler\microsoft intellipoint
2007-02-10 20:33 -------- d-------- C:\Programfiler\launchy
2007-01-30 23:09 -------- d-------- C:\Programfiler\diko
2007-01-23 15:59 69335 --a------ C:\WINDOWS\war3unin.dat
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"IntelliPoint"="\"C:\\Programfiler\\Microsoft IntelliPoint\\ipoint.exe\""
"Windows Defender"="\"C:\\Programfiler\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Programfiler\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Programmer\\Oppstart\\Hurtigstart for Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Hurtigstart for Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Hurtigstart for Adobe Reader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\FELLES~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 07-03-29 12:47:11
C:\ComboFix2.txt ... 07-03-29 11:54

ok, done
norbat Posted 29 March 2007 (edited)
Hi, hautainn
You are still not letting AVGas remove what it finds, but let's do it another way.
Download the free edition of SAS, install and update it. Close the program.
Click Start -> Run
Type: services.msc
Find the following services and choose to stop them if they are running:
MASEL (Event Log Audit)
System Locate Notification
Double-click the services and set the startup type to 'Disabled'.
Start SAS and run a 'Complete scan'. The PC may restart when the scan has finished.
Post a new HJT log + the log from SAS (preferences->statistics/logs)
I assume you know about O1 - Hosts: STOPzilla*** ?
Edited 29 March 2007 by norbat
hautainn (author) Posted 29 March 2007
Quote: Hi, hautainn You are still not letting AVGas remove what it finds, but let's do it another way. Download the free edition of SAS, install and update it. Close the program. Click Start -> Run Type: services.msc Find the following services and choose to stop them if they are running: MASEL (Event Log Audit) System Locate Notification Double-click the services and set the startup type to 'Disabled'. Start SAS and run a 'Complete scan'. The PC may restart when the scan has finished. Post a new HJT log + the log from SAS (preferences->statistics/logs) I assume you know about O1 - Hosts: STOPzilla*** ?
Will do. But I still shouldn't do anything with the quarantined files Norman has?
norbat Posted 29 March 2007 You can of course just delete those.
hautainn (author) Posted 29 March 2007
Quote: You can of course just delete those.
Okay, while SAS is scanning.. "I assume you know about O1 - Hosts: STOPzilla*** ?" No idea? I remember that I had a spyware program called Stopzilla..
norbat Posted 29 March 2007 Then we'll deal with that later. Let SAS scan in peace.
hautainn (author) Posted 29 March 2007
SUPERAntiSpyware Scan Log
Generated 03/29/2007 at 09:54 PM
Application Version : 3.6.1000
Core Rules Database Version : 3208
Trace Rules Database Version: 1218
Scan type : Complete Scan
Total Scan Time : 00:33:19
Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 5469
Registry threats detected : 0
File items scanned : 29698
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\sebastian-rosten.l\Cookies\[email protected][1].txt
C:\Documents and Settings\sebastian-rosten.l\Cookies\[email protected][1].txt
C:\Documents and Settings\sebastian-rosten.l\Cookies\[email protected][1].txt

Logfile of HijackThis v1.99.1
Scan saved at 21:58, on 07-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\SwiftSwitch\SwiftSwitch.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sebastian-rosten.l\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: STOPzilla***
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranett.ntvgs.no/
O16 - DPF: DirectEdit - https://www.its-learning.com//file/DirectEdit.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://intranett.ntvgs.no/meny/Activex/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ntvgs.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
norbat Posted 29 March 2007
Run HJT, tick the following lines and click 'Fix checked':
O1 - Hosts: STOPzilla***
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
Use Explorer and check whether you find the following file (in bold), which you then delete:
C:\WINDOWS\svchost.exe
Did you also set the 'System Locate Notification' service to Disabled under startup type?
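The three kinds of HijackThis lines picked out in the post above (the O1 hosts entry, entries ending in "(no file)" or "(file missing)", and svchost.exe located in C:\WINDOWS rather than system32) can be found mechanically. The script below is an added example and not part of the thread; its sample lines are excerpted from the logs posted here, and the list of process names that belong only in system32 is an assumption of the example.

```python
import ntpath
import re

# Core Windows XP processes whose legitimate image lives in %SystemRoot%\system32.
# Assumption of this example; explorer.exe is left out because it lives in C:\WINDOWS.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

HOSTS = "hosts-file entry, confirm it is expected"
ORPHAN = "entry points at a file that is not on disk"
MISPLACED = "system process name outside system32"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt assembled from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: STOPzilla***
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Event Log Audit (MASEL) - Unknown owner - C:\SYS.000\Evl.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: System Locate Notification - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""


def misplaced_system_binary(path):
    """True if path names a core system process stored outside system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM32_ONLY and folder != SYSTEM32_DIR


def triage(log_text):
    """Return (reason, line) pairs for the log lines that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False  # the process list ends at the first R/O entry
            code, body = entry.group("code"), entry.group("body")
            if code == "O1":
                findings.append((HOSTS, line))
            if ORPHAN_RE.search(body):
                findings.append((ORPHAN, line))
            if any(misplaced_system_binary(p) for p in PATH_RE.findall(body)):
                findings.append((MISPLACED, line))
        elif in_processes and misplaced_system_binary(line):
            findings.append((MISPLACED, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A flagged line is a prompt for manual review, as in the thread, not a verdict; an orphaned entry can also be left behind by an uninstalled legitimate program.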
hautainn (author) Posted 29 March 2007
Quote: Did you also set the 'System Locate Notification' service to Disabled under startup type?
F. I disabled System Event Notification. Sorry, I'll do it again.