Zumcern, posted 23 May 2007:

I've had a problem lately: every time I start the machine, the program svchost starts up. Nothing appears on the screen, but it shows up under Processes in Task Manager. It sits there using between 20-50% of the CPU constantly. I have to end the process every time I start the machine.

Samsung SpinPoint P120S 250GB SATA2
Gainward GeForce 7950GT 256MB,1,2ns DDR3
TwinMOS DDR2 PC4200 2048MB Dual Pack KIT ,w/two matched DDR2 PC4200 1024MB CL4
MSI P965 NEO-F, P965, Socket-775, ATX, SATAII, GbLAN, DDR2, PCI-Ex16
Intel Core 2 Duo E6300 1.86GHz Socket LGA775, 2MB, BOXED w/fan

Does anyone know what causes this?

PerB, posted 23 May 2007:

svchost.exe is a central part of Windows but can also be a trojan:

Description: svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

Note: svchost.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. If unaccounted for, this process should be removed immediately.

Note: svchost.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Note: svchost.exe is a process belonging to Microsoft Service Host Process. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

Determining whether this process is a virus or a legitimate Windows process depends on the directory location it executes or runs from in WinTasks.

Zumcern, posted 24 May 2007 (thread author):

Okay, found the virus that caused it, but I can't delete the file! Help!

PerB, posted 24 May 2007:

Which virus is it? The method differs depending on the type of virus. The antivirus vendors' websites will often describe what you need to do.

Zeph, posted 24 May 2007:

This thread was posted in the wrong place and has been moved to the correct category.

norbat, posted 24 May 2007:

Hi, magnuzzz. Follow the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs requested there in your thread here.

Jallenbo, posted 24 May 2007:

Or how about making it simpler? Boot into safe mode and follow this guide. Much simpler:

I would recommend that you try a virus check and a spyware check in the following order:

If you have Windows XP, a System Restore after you have removed the viruses can set the machine back to being infected again. First try to remove the viruses without disabling System Restore. If you manage to disinfect the machine, turn off System Restore, restart, and turn System Restore back on. If you cannot remove the viruses, a System Restore may work; in that case choose a restore point where you KNOW you were not infected.

All scanning for viruses and spyware should now be done in safe mode with networking. Follow the link if you don't know how to start in Safe Mode with Networking.

Run a virus scan in your browser with BitDefender. If you find viruses, restart in safe mode with networking after the scan and run a new scan.

Then do a spyware check with Ewido Onlinescan. If you find spyware, restart in safe mode with networking after the scan and run a new scan.

As soon as you have managed to run both scanners without them indicating viruses or spyware, you are done scanning and should start the machine in normal mode again.

Then you can go on to install antivirus software and antispyware if you don't already have any. You will find such programs at oss.viztnd.com/secprog.shtml.

Read here if you want information about what spyware is and how best to keep your PC clean of it.

Read here if you want links to information about what viruses, trojans and worms are.

As for safe mode, you should NOT do anything else in the meantime, i.e. you should not sit and surf here or elsewhere. This is because you could then start the spyware or the viruses manually.

The above answer with the virus and spyware check is based on a Firefox extension that fetches quick answers to certain recurring questions. The answers are fetched from http://hurtigsvar.viztnd.com and the Firefox extension can be downloaded from www.home.no/apepost for those who want it.

Guest medlem-105082, posted 24 May 2007:

It may be simpler, but probably not as effective. A HijackThis log hides a lot of strange things.

Zumcern, posted 24 May 2007 (thread author):

Got it removed; it was a trojan that came with a downloaded file. Used a program that deletes files that you can delete manually, because of errors, the file being in use, etc.

norbat, posted 25 May 2007:

I would post a HijackThis log anyway. It can tell whether there is anything more that should be checked. If so, start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Zumcern, posted 29 May 2007 (thread author):

Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:28:01, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\Norman\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Acronis\Malware Shield\psh_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Acronis\PrivacyExpert\Shield.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {65D91425-D591-DF6A-C55D-FCCD2F1ED494} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65D91425-D591-DF6A-C55D-FCCD2F1ED494} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\Program Files\Acronis\PrivacyExpert\Blocker.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\Program Files\BitLord\Downloads\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [shield] C:\Program Files\Acronis\PrivacyExpert\Shield.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\Blocker.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133169979437
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Malware Shield Service (psh_svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Malware Shield\psh_svc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

norbat, posted 30 May 2007:

Run HJT, tick the following lines and click 'Fix checked':

R3 - URLSearchHook: (no name) - {65D91425-D591-DF6A-C55D-FCCD2F1ED494} - (no file)
O2 - BHO: (no name) - {65D91425-D591-DF6A-C55D-FCCD2F1ED494} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)

Download SDFix to the desktop. Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix

Restart the PC in safe mode (tap F8 during startup, choose safe mode)

Open the SDFix folder and double-click 'RunThis.bat' to start the program

Choose Y to start the cleaning

The PC will restart, and SDFix will continue.

Post a new HJT log + the log from SDFix (it will be in the SDFix folder as Report.txt).

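The location test from the description PerB quotes, applied to the kind of log entries picked out above, as an added example (not part of the original thread and not HijackThis's or SDFix's own logic). The log lines are copied from the logs posted in this thread; the list of system process names, the system32 path and the 0.9 similarity threshold are assumptions, and a hit means "review this entry", not a verdict.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumption: Windows XP layout, as shown in the posted log.
SYSTEM_DIR = ntpath.normcase(r"C:\WINDOWS\system32")
# Assumption: a small set of core process names that live in system32 on XP.
SYSTEM_NAMES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe")
# Assumption: similarity at or above this ratio counts as a lookalike name.
LOOKALIKE_RATIO = 0.9

# First executable path on a line: drive letter up to the first ".exe" that is
# followed by a quote, whitespace or end of line. Handles unquoted paths with
# spaces and the stray trailing quote HijackThis prints on some O23 lines.
IMAGE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)(?=["\s]|$)', re.IGNORECASE)

# Lines copied from the HijackThis and SDFix logs posted in this thread.
SAMPLE_LOG = r"""C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\Program Files\BitLord\Downloads\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\?ecurity\s?oolsv.exe
"""


def is_lookalike(name):
    """True if name is not a known system name but is nearly identical to one."""
    return any(
        SequenceMatcher(None, name, known).ratio() >= LOOKALIKE_RATIO
        for known in SYSTEM_NAMES
    )


def triage(log_text):
    """Return (rule, image_path) pairs for entries that deserve a closer look.

    wrong-directory: a system process name running from outside system32.
    lookalike-name:  a name that is almost, but not exactly, a system name.
    """
    findings = []
    for line in log_text.splitlines():
        match = IMAGE_RE.search(line)
        if not match:
            continue  # DLL-only entries, headers, registry-only lines
        image = match.group(1)
        name = ntpath.basename(image).lower()
        folder = ntpath.normcase(ntpath.dirname(image))
        if name in SYSTEM_NAMES:
            if folder != SYSTEM_DIR:
                findings.append(("wrong-directory", image))
        elif is_lookalike(name):
            findings.append(("lookalike-name", image))
    return findings


if __name__ == "__main__":
    for rule, image in triage(SAMPLE_LOG):
        print(f"{rule:16} {image}")
```
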
Zumcern, posted 30 May 2007 (thread author):

A

SDFix: Version 1.85

Run by Administrator - 30.05.2007 - 23:24:37,79

Microsoft Windows XP [Versjon 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137

COM+ Messages - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Program Files\Bifrost\klog.dat - Deleted
C:\Program Files\Bifrost\server.exe - Deleted
C:\Program Files\InetGet2\apcsetup.exe - Deleted
C:\WINDOWS\system32\unsvchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted

Folder C:\Program Files\Bifrost - Removed
Folder C:\Program Files\InetGet2 - Removed

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

HJT:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Magnus Sumstad\\My Documents\\My Music\\3DMark 2006 Professional 1.0.2 Crack.exe"="C:\\Documents and Settings\\Magnus Sumstad\\My Documents\\My Music\\3DMark 2006 Professional 1.0.2 Crack.exe:*:Enabled:3DMark 2006 Professional 1.0.2 Crack"
"C:\\WINDOWS\\system32\\winctl32.exe"="C:\\WINDOWS\\system32\\winctl32.exe:*:Enabled:winctl32"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\BitLord\\Downloads\\Bitlord Pro (UseNext)\\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\\svchost.exe"="C:\\Program Files\\BitLord\\Downloads\\Bitlord Pro (UseNext)\\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\\svchost.exe:*:Enabled:Generic Host Process for Win32 Services"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Fjernhjelp - Windows Messenger og Stemme"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Magnus Sumstad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
C:\Documents and Settings\Magnus Sumstad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
C:\Documents and Settings\Magnus Sumstad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
C:\Documents and Settings\Magnus Sumstad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\?ecurity\s?oolsv.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

Logfile of HijackThis v1.99.1
Scan saved at 23:39:46, on 30.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\Norman\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133169979437
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

norbat, posted 30 May 2007 (edited 30 May 2007 by norbat):

Run HJT, tick the following line and click fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/

You have several antivirus programs installed. Decide on one and uninstall the others.

When this is done you should reset the restore folder so that you don't get infected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off .....", restart the PC, then remove the tick again to re-enable the function.

How is the PC running otherwise?

Zumcern, posted 30 May 2007 (thread author):

Isn't it wise to have System Restore if the PC crashes?

My PC runs perfectly fine after I deleted the trojan. The only thing to point at is that it is a bit slow at startup, but it has been that way from day 1 (bought the PC new).

norbat, posted 30 May 2007:

The last rounds have removed spyware, and you should therefore 'reset' System Restore so that you don't get infected by a possible System Restore. You should of course turn it on again (read carefully) so that you can use this function if the PC 'crashes'.

That your PC is 'slow' may be because, among other things, you have 3 antivirus programs installed. There may also be a number of programs in startup that don't need to be there.

Zumcern, posted 30 May 2007 (thread author):

I've been in msconfig and removed the programs that aren't needed at startup. Will delete one of the antivirus programs tomorrow; going to bed now.

Zumcern, posted 31 May 2007 (thread author):

Which of the antivirus programs should I keep? Or suggest a new one.

norbat, posted 31 May 2007:

All 3 are good, so which one you choose is a matter of taste. Both NOD32 and Norman require a license; if you don't have one (because it's a demo), keep Avast. If you do have a license, just take the one you think suits you best.

thrml, posted 31 May 2007:

I have 7 of those; there's no danger with them, is there?