beachboy, posted 16 June 2007 (edited)

Hi! After searching a lot online for how to remove this, I can only say the same as this man: "I've tried everything to get rid of this nasty malware called Contravirus 2.0 My Ad-Aware scan did not get rid of it."

I got the program uninstalled with CCleaner, but a DLL file is left behind that absolutely will not go away. I am now trying to get the following to work:

How to remove ContraVirus DLL files: Like most any software, spyware, adware, and malware may also use DLL files. DLL is short for “dynamically linked library,” and ContraVirus DLL files, like other DLLs, carry out predetermined tasks. To manually delete ContraVirus DLL files, you’ll use Regsvr32, a Windows tool designed to help you remove DLL and other files. First you’ll locate ContraVirus DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.” To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the ContraVirus DLL file is located. If you’re not sure if the ContraVirus DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.” When you’ve located the ContraVirus DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key. That’s it. If you want to restore ContraVirus DLL file you removed, enter “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

After I have typed run and get in, I do not understand how to bring up the file. I type "cd " and enter the file path, but I get back that it cannot find the specified path... Does anyone here know a decent way to remove DLL files? Thanks for any help I can get!

Edited 16 June 2007 by beachboy
norbat, posted 16 June 2007

Hi,
Run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs it asks for (SAS and HJT) here in your own thread.
beachboy, posted 16 June 2007 (edited)

Thanks for the help, here is the log file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:57:13, on 16.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\MagicTune Premium\MagicTuneEngine.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\MagicTune Premium\MagicTune.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\TRINEO~1\LOKALE~1\Temp\Rar$EX00.562\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.db.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programfiler\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8174 bytes

Here is the SAS file:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2007 at 08:46 PM

Application Version : 3.8.1002
Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:25:33

Memory items scanned : 442
Memory threats detected : 0
Registry items scanned : 5513
Registry threats detected : 0
File items scanned : 37458
File threats detected : 3

Malware.ContraVirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042272.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042273.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042274.DLL

Edited 16 June 2007 by beachboy
norbat, posted 16 June 2007

Once SAS has run and the PC has restarted, create a new HJT log and post it together with the SAS log.
beachboy, posted 16 June 2007

Thanks. The two files above are updated and new. This time in the right order. Hehe.
norbat, posted 16 June 2007

Download Smitfraudfix and put it on the desktop.
Start the program and choose 1 (Search).
Post the log (usually c:\rapport.txt).
beachboy, posted 16 June 2007 (edited)

OK, here comes the log (thanks, by the way):

SmitFraudFix v2.195

Scan done at 21:35:48,56, 16.06.2007
Run from C:\Documents and Settings\Trine Og Diana\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\MagicTune Premium\MagicTuneEngine.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\MagicTune Premium\MagicTune.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\TRINEO~1\LOKALE~1\Temp\Rar$EX00.562\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\wincom27.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Trine Og Diana

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Trine Og Diana\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TRINEO~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport for pakkeplanlegger
DNS Server Search Order: 84.208.20.110
DNS Server Search Order: 84.208.20.111
DNS Server Search Order: 85.119.136.140
DNS Server Search Order: 85.119.136.158
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Apparently the files I wanted to get rid of are gone now with help from SAS. But the machine is incredibly slow. It takes 5-10 seconds to bring up VG. Hmmmmm. Maybe you can see something wrong in my logs? Thank you so much for bothering to spend your time on this!!

Edited 16 June 2007 by beachboy
norbat, posted 16 June 2007 (edited)

OK, we continue.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix, choose option 2 (clean).
Post the log plus a new HJT log.

Edited 16 June 2007 by norbat
beachboy, posted 16 June 2007

OK... but what do I choose after I have pressed F8?? I have a choice between 2 hard disks and something... nothing called safe mode there... hmmm.
norbat, posted 16 June 2007

Try:
1. Press F8 a few more times and see whether you get the startup options, including Safe Mode.
2. Select the system hard disk, and keep pressing F8 to see whether you get the startup options.
3. If this does not work, just let the PC start up as normal. Then go to: Start -> Run. Type: msconfig. Under the Boot.ini tab, tick \SAFEBOOT. Restart. The PC should now boot in safe mode.
beachboy, posted 16 June 2007

OK... I think I got it to work now (I am struggling with a blue screen at startup, so I got that a couple of times... but Komplett will get to fix that. Hehe.) I chose the first disk for safe mode... and then it started up. I assume that is right.... I now got this log:

SmitFraudFix v2.195

Scan done at 22:04:35,90, 16.06.2007
Run from C:\Documents and Settings\Trine Og Diana\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\wincom27.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport for pakkeplanlegger
DNS Server Search Order: 84.208.20.110
DNS Server Search Order: 84.208.20.111
DNS Server Search Order: 85.119.136.140
DNS Server Search Order: 85.119.136.158
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C66ABE62-6BD6-4601-A5DB-6A9554BC1392}: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=84.208.20.110 84.208.20.111 85.119.136.140 85.119.136.158

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
norbat, posted 16 June 2007

Yes, this looks fine.
Remove the tick in front of \SAFEBOOT.
In normal mode, post a new HJT log.
beachboy, posted 16 June 2007

Hehe, where is that tick?? *feeling green...*
norbat, posted 16 June 2007

You can ignore \safeboot if you did not use alternative 3 (see earlier post).
Just post the HJT log.
beachboy, posted 16 June 2007

Hehe, fair enough :)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:17:18, on 16.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\MagicTune Premium\MagicTuneEngine.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\MagicTune Premium\MagicTune.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Trine Og Diana\Skrivebord\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.db.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programfiler\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8127 bytes
norbat, posted 16 June 2007

Run HJT, tick the following line and click 'Fix checked':

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Apart from this the log is fine.

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the feature.

How is the PC running?
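A way to compare the logs reviewed in the post above without reading them line by line, as an added example that is not part of the original thread and not code from any of the tools involved: it diffs the entries of two HijackThis logs and checks whether every SUPERAntiSpyware detection is a System Restore copy. The log excerpts are copied from the posts above and shortened; the function and constant names are made up for this example.

```python
import re

# Excerpts copied from the logs posted in this thread, shortened to a few lines.
HJT_FIRST = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""
HJT_LAST = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""
SAS_LOG = r"""
File threats detected : 3
Malware.ContraVirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042272.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042273.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D38D0F2-C70D-4E6D-8CE9-14BF521B343F}\RP68\A0042274.DLL
"""

# A HijackThis entry line reads "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
HJT_ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Files that System Restore keeps inside a restore point (RPnn) folder.
RESTORE_COPY = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return the set of (section code, body) pairs found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        match = HJT_ENTRY.match(line.strip())
        if match:  # header lines and the process list do not match and are skipped
            entries.add((match["code"], match["body"]))
    return entries


def diff_hjt(first, last):
    """Return (entries only in the first log, entries only in the last log)."""
    before, after = parse_hjt(first), parse_hjt(last)
    return sorted(before - after), sorted(after - before)


def sas_detections(text):
    """Return (threat name, file path) pairs from a SUPERAntiSpyware file section."""
    threat, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if DRIVE_PATH.match(line):
            found.append((threat, line))
        elif line and ":" not in line:  # a bare name such as "Malware.ContraVirus"
            threat = line
    return found


def restore_point_only(text):
    """True when there are detections and all of them sit inside restore points."""
    found = sas_detections(text)
    return bool(found) and all(RESTORE_COPY.search(path) for _, path in found)


if __name__ == "__main__":
    removed, added = diff_hjt(HJT_FIRST, HJT_LAST)
    for code, body in removed:
        print("gone since first log:", code, "-", body)
    for code, body in added:
        print("new in last log:     ", code, "-", body)
    if restore_point_only(SAS_LOG):
        print("all detections are System Restore copies: reset the restore points")
```

Detections that exist only as restore-point copies are not running, but they come back if the system is rolled back to that point, which is why the restore folder is reset in the post above.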
beachboy, posted 16 June 2007

OK, and thank you so much! Unfortunately it is not running as well as it should. It is simply slow. It now takes about 5 seconds to bring up Dagbladet and 10 seconds to open a news story. That is very slow, because this machine has been fast as a storm... but by all means, it could of course be something else that is wrong.
norbat, posted 16 June 2007

Download this file, unpack it and double-click iereg.bat: IEreg.bat
Restart, and see whether it helped.

Beyond this, you can check whether any system files are out of order. You will probably need the WinXP CD:
Click Start -> Run
Type: sfc /scannow (a space between sfc and /)
Restart, and see whether it helped.
beachboy, posted 16 June 2007 (edited)

Hey! Hehe! What on earth did that do? Jet fuel? My lightning is back!! Hehe. Brilliant! But: what did it do??

Edit: hmmm. It was blazing fast for the first 5 minutes, but now it is lagging a bit...

Edited 16 June 2007 by beachboy
norbat, posted 16 June 2007 (edited)

IEreg re-registers some files.
Are you still bothered by slowness? Does this apply only to the internet, or are there other programs that seem slow?
Try updating IE to the latest version (IE 7.0) if you do not have it.

Edited 17 June 2007 by norbat