Gjest Slettet+987123897 Skrevet 1. juni 2007 Del Skrevet 1. juni 2007 Kan nokon sjekke denne hjtloggen? Eg mistenkjer at det er noko gale med dataen. Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 01:11:18, on 02.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Programfiler\Razer\Copperhead\razerhid.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\Razer\Copperhead\razerofa.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\jonas\Skrivebord\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Copperhead] C:\Programfiler\Razer\Copperhead\razerhid.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Torrent Finder] "C:\Programfiler\Torrent Finder\Torrent-Finder.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093 O17 - HKLM\System\CCS\Services\Tcpip\..\{009C3F90-BE4B-4036-8E6D-1D99435BD7EC}: NameServer = 85.255.116.92,85.255.112.68 O17 - HKLM\System\CCS\Services\Tcpip\..\{6B1073C8-D2C8-4225-A904-BE6571D3F4FE}: NameServer = 85.255.116.92,85.255.112.68 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{009C3F90-BE4B-4036-8E6D-1D99435BD7EC}: NameServer = 85.255.116.92,85.255.112.68 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{009C3F90-BE4B-4036-8E6D-1D99435BD7EC}: NameServer = 85.255.116.92,85.255.112.68 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.68 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Lenke til kommentar
norbat Skrevet 2. juni 2007 Del Skrevet 2. juni 2007 Ja, du har rett i dine mistanker. Hent Fixwareout Legg filen på skrivebordet og dobbeltklikk på den. Klikk Next -> Install. Sjekk at det er avkrysset i 'Run fixit'. Klikk Finish og fixet vil starte. Følg instruksjonen. Restart pc'n når du blir bedt om det. Oppstarten vil ta litt lengre tid en normalt ..... Når pc'n har restartet følger du bare instruksjonen som kommer på skjermen. Kjør HJT, sett merke framfor følgende linjer og klikk 'Fix checked': ------------------------ Alle O17-linjene O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) -------------------------- Restart pc'n Post en ny HJT-logg sammen med loggen fra Fixwareout (C:\fixwareout\report.txt) Lenke til kommentar
Gjest Slettet+987123897 Skrevet 2. juni 2007 Del Skrevet 2. juni 2007 (endret) HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 15:54:52, on 02.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Programfiler\Razer\Copperhead\razerhid.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\Razer\Copperhead\razerofa.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Documents and Settings\jonas\Skrivebord\test.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Copperhead] C:\Programfiler\Razer\Copperhead\razerhid.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Torrent Finder] "C:\Programfiler\Torrent Finder\Torrent-Finder.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe (O17 forsvann slik at eg ikkje kunne slette dei. Det ser ut som om 023 norman greiene ikkje vil la seg slette) Fixwareout Klikk for å se/fjerne innholdet nedenfor Fixwareout Last edited 5/15/2007 Post this report in the forums please ... »»»»»Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdkea.exe" »»»»» »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other C:\WINDOWS\Temp\kdkea.ren 66379 04.08.2004 »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "NVMixerTray"="\"C:\\Programfiler\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "razer"="C:\\Programfiler\\Razer\\Copperhead\\razerhid.exe" "Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\"" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "SunJavaUpdateSched"="\"C:\\Programfiler\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "Copperhead"="C:\\Programfiler\\Razer\\Copperhead\\razerhid.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background" "Skype"="\"C:\\Programfiler\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "Torrent Finder"="\"C:\\Programfiler\\Torrent Finder\\Torrent-Finder.exe\"" "BitTorrent"="\"C:\\Programfiler\\BitTorrent\\bittorrent.exe\" --force_start_minimized" "DAEMON Tools"="\"C:\\Programfiler\\DAEMON Tools\\daemon.exe\" -lang 1033" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» Endret 2. juni 2007 av Slettet+987123897 Lenke til kommentar
norbat Skrevet 2. juni 2007 Del Skrevet 2. juni 2007 Klikk Start -> Kjør Skriv: sc delete NipSvc Slett deretter C:\Norman Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Loggen din ser fin ut. Antar problemet ditt er borte? Uansett, en runde med et antispywareprog. er en god rutine. Om du har en favoritt, anvender du den. Hvis ikke, kan jeg anbefale gratisversjonen til SuperAntispyware Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå