Gå til innhold

Diverse filer 'Har et problem og må lukkes' + HiJack-log

Gjest Slettet+981347864

Av Gjest Slettet+981347864
i IKT-drift og sikkerhet

Anbefalte innlegg

Gjest Slettet+981347864

Gjest Slettet+981347864

Skrevet
Skrevet (endret)

Hei !

 

Prøver å hjelpe ungene til en venn av meg med å få skikk på PC-en.

De hadde problemer med at den hang til stadighet.

 

Prøvde å gå inn og oppdaget at ved oppstart kom det en feilmelding på LiveUpdate (Symantec/Norton)

Vel inne konstaterte jeg at det ikke gikk å scanne disken fra Norton.

 

Søkte litt på nettet og fant et råd om å avinstallere og reinstallere, så jeg gjorde det, men i forbindelse med reinstalleringen fikk jeg melding om 'Setup har et problem og må lukkes'.

Har detfor installert antivirus fra AVAST i steden.

 

I tillegg får jeg tilsvarende melding 'Cleanmgr.exe har et problem og må lukkes' når jeg prøver å rydde harddisken, og samme type melding kommer ved forsøk på å starte MSN.

 

 

Leste litt på denne siden og har lastet ned HiJackThis og kjørt den. Legger ved loggen.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:38:07, on 02.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\SpyCatcher 2006\Scheduler daemon.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Programfiler\SpyCatcher 2006\SCActiveBlock.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [spyCatcher Reminder] "C:\Programfiler\SpyCatcher 2006\SpyCatcher.exe" reminder

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programfiler\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Programfiler\SpyCatcher 2006\Protector.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/18/...IPSUploader.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7142 bytes

 

 

PC-en har Windows XP, Windows defender aktivert, Automatisk windowsoppdatering, Norton Antivirus(nå AVAST) og SpyCatcher.

 

 

 

Jeg blir svært takknemlig hvis noen kan hjelpe meg.

 

mvh

Trygve

hijackthis_log_1_.txt

Endret av Slettet+981347864
Lenke til kommentar

Videoannonse

Videoannonse
Annonse
norbat

norbat

Skrevet
Skrevet

Det kjører fortsatt noen tjenester fra Norton, som kan deaktiveres (Start->Kjør, skriv: services.msc. Finn norton/symantec-tjenestene og stopp de om de kjører, dobbeltklikk på tjenesten og velg Deaktivert under oppstartstype)

 

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

 

Post loggfilen fra combofix (c:\combofix.txt).

Lenke til kommentar
Gjest Slettet+981347864

Gjest Slettet+981347864

Skrevet
Skrevet

Hei norbat !

 

Takk for at du tar deg tid til å hjelpe meg.

 

Jeg fant en Nortontjeneste som jeg nå har deaktivert.

 

Her er loggen fra Combofix. Håper den sier deg mer enn den sier meg.

Helt mot slutten kom en melding om at det var noe den ikke fikk sjekket fordi det var i bruk av et annet program, men jeg hadde ingen åpne vinduer. Antar at det kan ha vært SpyCatcher (som også reagerte en gang før Combofix begynte selve scanningen.)

 

 

mvh

Trygve

 

 

ComboFix 07-11-08.1 - Elisabeth Molteberg 2007-11-10 13:33:03.1 - NTFSx86

Running from: C:\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))

.

 

2007-11-10 13:15 1,539,258 --a------ C:\ComboFix.exe

2007-11-10 13:13 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-02 20:36 <DIR> d-------- C:\HiJackThis

2007-10-31 21:03 294 --a------ C:\dcof.reg

2007-10-31 17:53 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-31 17:53 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-31 17:53 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-31 17:53 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-31 17:53 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-31 17:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-31 17:52 <DIR> d-------- C:\Programfiler\Alwil Software

2007-10-31 17:52 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-31 16:58 49,181,904 --a------ C:\nis2007.exe

2007-10-31 16:45 <DIR> d-------- C:\Documents and Settings\Elisabeth Molteberg\Programdata\Symantec

2007-10-31 16:45 <DIR> d-------- C:\Documents and Settings\Benedicte Molteberg\Programdata\Symantec

2007-10-31 16:44 <DIR> d-------- C:\Programfiler\FGP

2007-10-31 16:44 <DIR> d-------- C:\Documents and Settings\Desiree Molteberg\Programdata\Symantec

2007-10-31 16:43 <DIR> d-------- C:\Programfiler\EA Games

2007-10-11 20:31 <DIR> d-------- C:\Documents and Settings\Desiree Molteberg\Programdata\Apple Computer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-07 06:02 --------- d-----w C:\Documents and Settings\Desiree Molteberg\Programdata\SiteAdvisor

2007-10-31 18:53 --------- d-----w C:\Programfiler\Symantec

2007-10-31 18:53 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-10-31 18:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2007-10-31 17:57 --------- d-----w C:\Programfiler\Java

2007-10-31 17:42 --------- d-----w C:\Documents and Settings\Elisabeth Molteberg\Programdata\SiteAdvisor

2007-10-26 21:00 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-10-04 13:39 --------- d-----w C:\Documents and Settings\Desiree Molteberg\Programdata\ACD Systems

2007-09-30 20:55 --------- d-----w C:\Programfiler\Japan_Photo_Bildeservice

2007-09-28 15:05 --------- d-----w C:\Documents and Settings\Elisabeth Molteberg\Programdata\ACD Systems

2007-09-28 14:59 --------- d-----w C:\Programfiler\Fellesfiler\ACD Systems

2007-09-28 14:58 --------- d-----w C:\Programfiler\ACD Systems

2007-09-28 14:58 --------- d-----w C:\Documents and Settings\All Users\Programdata\ACD Systems

2007-09-28 14:57 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys

2007-09-17 15:37 --------- d-----w C:\Programfiler\MSN Messenger

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpyCatcher Reminder"="C:\Programfiler\SpyCatcher 2006\SpyCatcher.exe" [2005-06-18 10:19]

"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2005-04-22 16:51]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21]

"HPHUPD05"="C:\Programfiler\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 15:51]

"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-10-05 22:11]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"PE2CKFNT SE"="C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-05-04 16:21]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-07-01 22:46]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 16:42]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t

 

C:\Documents and Settings\Elisabeth Molteberg\Start-meny\Programmer\Oppstart\

OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-02-04 19:24:23]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

SpyCatcher Protector.lnk - C:\Programfiler\SpyCatcher 2006\Protector.exe [2006-09-19 00:21:16]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=interceptor.dll

 

R3 es1969;ESS 1969-lyddriver (WDM);C:\WINDOWS\system32\drivers\es1969.sys

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-11-10 11:49:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-10 13:46:18

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\WINDOWS\system32\ANIWZCS{40DF3B66-F1E5-426D-BC5F-1C3C0A71B49D} 3284 bytes

C:\WINDOWS\system32\credui.dll 163840 bytes executable

C:\WINDOWS\system32\shfolder.dll 25088 bytes executable

C:\WINDOWS\system32\msxml4.dll 1275392 bytes executable

C:\WINDOWS\system32\MSXML4a.dll 44544 bytes executable

C:\WINDOWS\system32\MSXML4r.dll 82432 bytes executable

C:\WINDOWS\system32\wtsapi32.dll 18432 bytes executable

C:\WINDOWS\system32\hpvaut32.dll 626960 bytes executable

C:\WINDOWS\system32\hpvcp70.dll 487424 bytes executable

C:\WINDOWS\system32\hpvcr70.dll 344064 bytes executable

C:\WINDOWS\system32\rasadhlp.dll 8192 bytes executable

C:\WINDOWS\system32\xmlprovi.dll 50176 bytes executable

 

scan completed successfully

hidden files: 12

 

**************************************************************************

.

Completion time: 2007-11-10 13:50:50

.

--- E O F ---

Lenke til kommentar
Gjest Slettet+981347864

Gjest Slettet+981347864

Skrevet
Skrevet

Vet ikke hvorfor, men når jeg trykker Download for å hente 'Norton Removal tool' så jobber PC-en en stund, men det ser ut som om det er AVAST som jobber 'ash....', så viser oppgavebehandleren at aktiviteten er over, men noe mer skjer ikke.

 

Har kjørt CCleaner.

 

Her er ny HiJackThis-log :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:12, on 10.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ntvdm.exe

C:\OPLIMIT\ocrawr32.exe

C:\Programfiler\SpyCatcher 2006\Scheduler daemon.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dnbnor.no/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Programfiler\SpyCatcher 2006\SCActiveBlock.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [spyCatcher Reminder] "C:\Programfiler\SpyCatcher 2006\SpyCatcher.exe" reminder

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programfiler\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Programfiler\SpyCatcher 2006\Protector.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/18/...IPSUploader.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6854 bytes

 

 

 

Trygve

Lenke til kommentar
Gjest Slettet+981347864

Gjest Slettet+981347864

Skrevet
Skrevet (endret)

Det har gått greit å laste ned HiJackThis, Combofix og CCleaner. Det er bare Norton Removal Tool jeg ikke har klart å laste ned.

 

Samtidig sliter jeg med å åpne lenker. Jeg har måttet åpne en ny sesjon av IE og limt inn adressen du har gitt i lenkene dine for å få tak i dem. Hvis jeg bare trykker på lenken så blir det flittig aktivitet fra AVAST (ashServ.exe) og så skjer det ingenting.

Endret av Slettet+981347864
Lenke til kommentar
Gjest Slettet+981347864

Gjest Slettet+981347864

Skrevet
Skrevet (endret)

Deaktiverte AVAST og da fikk jeg lastet ned, så du har nok rett mhp innstillinger. Hvis jeg ikke husker helt feil justerte jeg opp fra Normal til Høy på en del ting da jeg installerte.

 

Når jeg prøver å kjøre får jeg denne meldingen :

"Symantec Removal Utility har et problem og må lukkes."

 

Dette er samme slags melding som jeg får for Cleanmgr.exe og når MSN prøver å kjøre, og også da jeg prøvde å reinstallere Norton.

 

 

Trygve

Endret av Slettet+981347864
Lenke til kommentar
norbat

norbat

Skrevet
Skrevet

Det var ikke noen spor av Norton i den siste hjt-loggen, så du kunne evt. tatt et søk etter Norton / Symantec og slettet evt. funn manuelt.

 

Du kan sjekket om det er noen systemfiler som er i ulage:

 

Klikk: Start->Kjør

Skriv: sfc /scannow (mellomrom mellom sfc og / )

Mulig du trenger XP CD-en.

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...