Orochimaru, posted 21 September 2007 (edited)

Hi everyone! I'm posting a HijackThis log to see whether there is anything nasty on the computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:10, on 21.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\NETGEAR\WG111v2\WG111v2.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe
C:\Programfiler\Wireless LAN Utility\SiSCFG.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and settings\Otten\Lokale innstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nordicmafia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itavisen.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B641489F-1F21-A515-1C89-70188F4FA078} - C:\DOCUME~1\Avatar\PROGRA~1\ONCEFR~1\Each Nurb.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Move Bias Ping Warn] C:\Documents and settings\All Users\Programdata\Meet poll move bias\NOUN BALM.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Toshiba PushButton Manager v1.381.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103809220312
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30ACEF21-6FAD-4F0F-899F-3359C7A8274C}: NameServer = 217.13.7.140
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\rthlpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10236 bytes

Thanks for the help! =)

Edited 21 September 2007 by Orochimaru

Svenni212000, posted 21 September 2007

The only signs of anything nasty are:

O2 - BHO: (no name) - {B641489F-1F21-A515-1C89-70188F4FA078} - C:\DOCUME~1\Avatar\PROGRA~1\ONCEFR~1\Each Nurb.exe (file missing)
O4 - HKLM\..\Run: [Move Bias Ping Warn] C:\Documents and settings\All Users\Programdata\Meet poll move bias\NOUN BALM.exe

NOUN BALM.exe ~ Trojan.Swizzor Info

Download and run a full scan with TrendMicro HouseCall 6.6.
Run a new, good and up-to-date antispyware program (full scan).
Then start HJT and delete the Each Nurb.exe entry above.

You also have some unnecessary processes that start together with Windows. Here are examples of processes you can disable on your PC [Take a look here]:

¤ nwiz.exe /install
¤ HDAudPropShortcut.exe
¤ NeroCheck.exe
¤ CMService.exe
¤ ISUSPM.exe
¤ issch.exe
¤ qttask.exe" -atboottime
¤ jusched.exe
¤ daemon.exe" -lang 1033
¤ ImScInst.exe
¤ TINTSETP.EXE /SYNC
¤ TINTSETP.EXE /IMEName
¤ steam.exe" -silent
¤ CTFMON.EXE
¤ CTsvcCDA.EXE

Orochimaru, posted 23 September 2007

Thanks. But isn't HouseCall's current version 6.5?

norbat, posted 23 September 2007

HouseCall 6.6 is a prerelease and can be run from here: http://prerelease.trendmicro-europe.com/hc66/launch/. It is nevertheless recommended to stick with 6.5.

You have a Lop infection, which you probably got through installing MSN Plus. This infection creates an entry in the job list. You can, for example, use NoLop.exe to clean this up a bit. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Then download SAS, install it, update it and run a full (Complete) scan.

Post a new HJT log together with the log from SAS (preferences->statistics/logs).

Orochimaru, posted 23 September 2007

Thanks. I'll do this when I get to my dad's place later. Can you tell me a bit more about the Lop infection? Sounds interesting.

norbat, posted 23 September 2007

A 'Lop infection' is associated with lop.com. Do a Google search for lop.com and you will find plenty of information about it.

Orochimaru, posted 25 September 2007

I think I've got a virus. F-Secure says so. Win or something. A trojan. I'll run HouseCall soon. Working on SAS now. Hoping to get the things removed.

Orochimaru, posted 25 September 2007

Here is the HijackThis log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:02, on 25.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programfiler\NETGEAR\WG111v2\WG111v2.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe
C:\Programfiler\Wireless LAN Utility\SiSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and settings\Otten\Lokale innstillinger\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itavisen.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B641489F-1F21-A515-1C89-70188F4FA078} - C:\DOCUME~1\Avatar\PROGRA~1\ONCEFR~1\Each Nurb.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Move Bias Ping Warn] C:\Documents and settings\All Users\Programdata\Meet poll move bias\NOUN BALM.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Toshiba PushButton Manager v1.381.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103809220312
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30ACEF21-6FAD-4F0F-899F-3359C7A8274C}: NameServer = 217.13.7.140
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\rthlpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10293 bytes

The SAS log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2007 at 06:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:48:47

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 6658
Registry threats detected : 0
File items scanned : 43982
File threats detected : 2

Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{556F4475-710F-4A4A-BB23-680701BA7D65}\RP702\A0128656.EXE

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{556F4475-710F-4A4A-BB23-680701BA7D65}\RP702\A0128657.EXE

Orochimaru, posted 25 September 2007

For some reason, when I try to delete these 2 things, they recreate themselves. Then when I run SAS, it removes the crap. Voilà! F-Secure says it is a virus.. Delete with F-Secure. Fine. But it is still not gone! Help!

Orochimaru, posted 25 September 2007

HouseCall didn't find anything! Even though there is a virus on the PC!

Orochimaru, posted 25 September 2007

Help! =( I feel like the PC is being eaten up!

norbat, posted 25 September 2007

1. Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {B641489F-1F21-A515-1C89-70188F4FA078} - C:\DOCUME~1\Avatar\PROGRA~1\ONCEFR~1\Each Nurb.exe (file missing)
O4 - HKLM\..\Run: [Move Bias Ping Warn] C:\Documents and settings\All Users\Programdata\Meet poll move bias\NOUN BALM.exe

2. Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is in bold below:

Folders to delete:
C:\DOCUME~1\Avatar\PROGRA~1\ONCEFR~1
C:\Documents and settings\All Users\Programdata\Meet poll move bias

Click the traffic light. Restart the PC. After the restart, a log file will appear telling you what happened. You do not need to post it.

3. Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

4. Then download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

5. Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log.

Orochimaru, posted 26 September 2007

Combofix! =)

ComboFix 07-09-21.2 - "Otten" 2007-09-26 15:31:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.135 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))
.

2007-09-26 15:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 18:47 212 --a------ C:\delete.bat
2007-09-25 15:31 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-25 15:31 <DIR> d-------- C:\DOCUME~1\Otten\PROGRA~1\SUPERAntiSpyware.com
2007-09-25 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-25 15:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-25 15:25 <DIR> d-------- C:\NoLopBackups
2007-09-23 19:08 <DIR> d-------- C:\DOCUME~1\Otten\.housecall6.6
2007-09-08 17:33 49,152 --a------ C:\WINDOWS\system32\SiSWBase.dll
2007-09-08 17:33 237,568 --a------ C:\WINDOWS\system32\SiSWPars.dll
2007-09-08 17:33 155,648 --a------ C:\WINDOWS\system32\SiSWInst.dll
2007-09-08 11:54 <DIR> dr-h----- C:\DOCUME~1\Otten\Siste
2007-09-04 20:06 <DIR> d-------- C:\DOCUME~1\Otten\PROGRA~1\Panasonic
2007-09-02 20:02 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 15:41 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-09-26 15:41 --------- d-------- C:\Programfiler\Steam
2007-09-25 16:13 --------- d-------- C:\Programfiler\DAEMON Tools
2007-09-18 19:02 --------- d-------- C:\DOCUME~1\Otten\PROGRA~1\LimeWire
2007-09-08 20:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Retrospect
2007-09-08 17:33 --------- d-------- C:\Programfiler\Wireless LAN Utility
2007-09-08 17:33 --------- d-------- C:\Programfiler\SiS162u
2007-09-05 15:20 --------- d-------- C:\Programfiler\World of Warcraft
2007-08-20 19:56 --------- d-------- C:\Programfiler\LimeWire
2007-08-15 14:41 --------- d-------- C:\Programfiler\MSXML 4.0
2007-08-15 11:49 --------- d-------- C:\Programfiler\Pcsx2
2007-08-13 17:36 --------- d-------- C:\Programfiler\MaNGOS WoW Server
2004-12-23 14:27:21 8 --sh--r C:\WINDOWS\system32\F30928A2D0.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Snarvei til egenskapsside for High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 15:05 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCMService"="C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe" [2004-10-29 21:34]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2003-05-16 01:41]
"F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-11-02 16:13]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-11-02 16:13]
"BitTorrent"="C:\Programfiler\BitTorrent\bittorrent.exe" []
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46]
"Steam"="c:\programfiler\steam\steam.exe" [2007-09-18 15:59]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
LUMIX Simple Viewer.lnk - C:\Programfiler\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-30 21:09:03]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programfiler\NETGEAR\WG111v2\WG111v2.exe [2007-07-11 22:43:28]
SiWake.lnk - C:\Programfiler\Wireless LAN Utility\SiWake.exe [2005-04-29 20:51:48]
Toshiba PushButton Manager v1.381.lnk - C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe [2005-12-28 23:50:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

R1 SSHDRV79;SSHDRV79;\??\C:\WINDOWS\system32\drivers\SSHDRV79.sys
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 cnmpar21;Canon BJ Port Driver Cnmpar21;\??\C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\cnmpar21.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Programfiler\F-Secure\Common\FSPM.SYS
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
S3 ICAM5USB;Intel® PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys
S3 idrmkl;idrmkl;\??\C:\DOCUME~1\Avatar\LOKALE~1\Temp\idrmkl.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 15:40:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FSAA]
"ImagePath"="\"C:\Programfiler\F-Secure\Common\FSAA.EXE\""
.
Completion time: 2007-09-26 15:42:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 15:42
.
--- E O F ---

HiJackThis!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:10, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programfiler\NETGEAR\WG111v2\WG111v2.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe
C:\Programfiler\Wireless LAN Utility\SiSCFG.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and settings\Otten\Lokale innstillinger\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itavisen.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio]
HDAudPropShortcut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe O4 - Global Startup: Toshiba PushButton Manager v1.381.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - 
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103809220312 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{30ACEF21-6FAD-4F0F-899F-3359C7A8274C}: NameServer = 217.13.7.140 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. 
- C:\Programfiler\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe O23 - Service: Retrospect Helper - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\rthlpsvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10040 bytes Lenke til kommentar
norbat, posted 26 September 2007
- and how is the PC running?
Orochimaru (author), posted 26 September 2007
Just fine. But I'm considering reformatting. It has been used for 2 years without a reformat. I'm going to back up my files and reformat afterwards. Thanks a lot, norbat! I've learned a lot of new things now! Glad we have you on the forum! The reason for reformatting is that I want to start fresh. I got this PC from my brother a while ago. We didn't reformat before I got it. Thanks a lot for all the help! =) Is there any course on analysing logs like these? I want to help people too! =)
norbat, posted 26 September 2007 (edited)
Well, you don't need to reinstall because of this, but if you absolutely want to, then.....
What you can do is:
1. Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds with 'Issues' until it finds no more errors.
2. 'Reset' the restore folder: Control Panel->System->System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.
3. Check whether the PC needs disk defragmentation: Accessories->System Tools->Disk Defragmenter
4. Run a full scan with your AV program.
Edited 26 September 2007 by norbat
Orochimaru (author), posted 26 September 2007
Thanks a lot for the tips, but I'm considering reinstalling the whole PC. I think it will run much better then. The internet connection also seems to have gone haywire. Every time I play a game it disconnects! =( When I'm about to play CS, for example. Online.. Yay! Playing! =) After a few seconds it starts lagging! And then CS shuts down and a message appears.. ERROR!=NO ERROR! Do you want me to take a screenshot of it?
norbat, posted 26 September 2007
No need for a screenshot. You can check for updates (Windows, graphics card etc.), but if you've decided to reinstall, then I suppose you should just go ahead with it