PiaJenta Posted 22 November 2007

I'm having some problems with my PC, with one thing and another. I just installed the free Home version of avast!, and it howled and beeped several times about a trojan.. I ran HiJack and got this insanely, way-too-long message (help!!):

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:03:10, on 22.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\LogiTray.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\Programfiler\Retrospect\Retrospect
7.5\retrorun.exe C:\Programfiler\QuickTime\QTTask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Logitech\Video\FxSvr2.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe C:\Programfiler\Alwil Software\Avast4\ashSimpl.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=no&s=gen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: {e5b4c393-b80f-c2bb-64f4-b5f5f243e831} - {138e342f-5f5b-4f46-bb2c-f08b393c4b5e} - C:\WINDOWS\system32\bdowqknn.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89F01AFD-3E7A-4683-8D11-EE398281DD02} - C:\WINDOWS\system32\vturp.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D0425EA2-3EBA-4D97-9A49-ECE2B23EA8F9} - C:\WINDOWS\system32\awvtr.dll (file missing) O2 - BHO: (no name) - {E6B46F36-2A02-4B23-8406-53554CDF5837} - C:\WINDOWS\system32\mllmn.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [ac2f9ed4] rundll32.exe "C:\WINDOWS\system32\ssylpjbg.dll",sitypnow O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ATnotes.exe] C:\Programfiler\ATnotes\ATnotes.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Programfiler\OpenOffice.org1.1.5\program\quickstart.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: 
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing) O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing) O20 - Winlogon Notify: rqrpmmm - rqrpmmm.dll (file missing) O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Programfiler\Retrospect\Retrospect 7.5\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Programfiler\Retrospect\Retrospect 7.5\rthlpsvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11946 bytes

PiaJenta (Author) Posted 22 November 2007 (edited)

And right after I wrote this, it beeped and those trojan things etc. popped up about 20 times in a row. I don't think my PC is doing very well, really.. (I'm running a scan with avast! at the moment, maybe that has something to do with it?)

Edited 22 November 2007 by PiaJenta

Gunnar B Posted 22 November 2007

Load the log file here, and analyze.

PiaJenta (Author) Posted 22 November 2007

I ran a new scan with HiJack because I had apparently forgotten to install a firewall... (GREAT!!) But anyway, I ran a new one and pasted it into the logfile thing.. BUT what should I do with the files that are a threat? And the ones that have nothing written next to them, they can't be a threat, can they? I really have no clue... HELP! Here is the new HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:06:16, on 22.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Comodo\Firewall\cmdagent.exe C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Retrospect\Retrospect 7.5\retrorun.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Dell\Media
Experience\DMXLauncher.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\LogiTray.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Programfiler\QuickTime\QTTask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\Programfiler\Logitech\Video\FxSvr2.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\OpenOffice.org1.1.5\program\soffice.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=no&s=gen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: {e5b4c393-b80f-c2bb-64f4-b5f5f243e831} - {138e342f-5f5b-4f46-bb2c-f08b393c4b5e} - C:\WINDOWS\system32\bdowqknn.dll (file missing) O2 - BHO: 
DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89F01AFD-3E7A-4683-8D11-EE398281DD02} - C:\WINDOWS\system32\vturp.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D0425EA2-3EBA-4D97-9A49-ECE2B23EA8F9} - C:\WINDOWS\system32\awvtr.dll (file missing) O2 - BHO: (no name) - {E6B46F36-2A02-4B23-8406-53554CDF5837} - C:\WINDOWS\system32\mllmn.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [ac2f9ed4] rundll32.exe "C:\WINDOWS\system32\ssylpjbg.dll",sitypnow O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ATnotes.exe] C:\Programfiler\ATnotes\ATnotes.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Programfiler\OpenOffice.org1.1.5\program\quickstart.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - 
http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing) O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing) O20 - Winlogon Notify: rqrpmmm - rqrpmmm.dll (file missing) O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programfiler\Comodo\Firewall\cmdagent.exe O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Programfiler\Retrospect\Retrospect 7.5\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Programfiler\Retrospect\Retrospect 7.5\rthlpsvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12324 bytes

norbat Posted 22 November 2007 (edited)

Run HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: {e5b4c393-b80f-c2bb-64f4-b5f5f243e831} - {138e342f-5f5b-4f46-bb2c-f08b393c4b5e} - C:\WINDOWS\system32\bdowqknn.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89F01AFD-3E7A-4683-8D11-EE398281DD02} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {D0425EA2-3EBA-4D97-9A49-ECE2B23EA8F9} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {E6B46F36-2A02-4B23-8406-53554CDF5837} - C:\WINDOWS\system32\mllmn.dll (file missing)
O4 - HKLM\..\Run: [ac2f9ed4] rundll32.exe "C:\WINDOWS\system32\ssylpjbg.dll",sitypnow
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
O20 - Winlogon Notify: rqrpmmm - rqrpmmm.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll (file missing)

Bearshare, is that something you need to have? If not, uninstall it from Add/Remove Programs.

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that appears, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\vtstu.dll

Click the traffic light. Restart the PC. After the restart, a log file will appear that tells you what happened. You don't need to post it.

After the restart: Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log. (If Combofix reports that it is out of date, temporarily set the PC's date back to 17.11)

Edited 22 November 2007 by norbat

PiaJenta (Author) Posted 22 November 2007

I did exactly as you said, but Combofix didn't quite work...? I tried running it and waited; after 30 min I scrolled the scrollbar to see if there was any message there, and there wasn't. I figured I must have done it wrong, so I started it again and went to make (homemade!) pizza.. i.e. 30-40 min.. but still nothing.. It said it would only take 10 min, or twice as long if the machine is really nasty.. for me it took 3-4 times as long.. Should I try running it and hope that it creates a report?

norbat Posted 22 November 2007

If it doesn't work, we can try the following: Download SAS (the free version), install, update and run a full (Complete) scan. Post the log from SAS (preferences->statistics/logs) + a new HJT log.

PiaJenta (Author) Posted 22 November 2007

Here is what I found when I ran SUPERAntiSpyware, rebooted and looked for the log:

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/22/2007 at 09:05 PM Application Version : 3.9.1008 Core Rules Database Version : 3348 Trace Rules Database Version: 1349 Scan type : Complete Scan Total Scan Time : 00:49:29 Memory items scanned : 638 Memory threats detected : 0 Registry items scanned : 6901 Registry threats detected : 21 File items scanned : 42452 File threats detected : 54 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAMFILER\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL Adware.Vundo Variant HKLM\Software\Classes\CLSID\{52BB08D5-09CF-4968-B46B-8E520B3E01E8} HKCR\CLSID\{52BB08D5-09CF-4968-B46B-8E520B3E01E8} HKCR\CLSID\{52BB08D5-09CF-4968-B46B-8E520B3E01E8}\InprocServer32 HKCR\CLSID\{52BB08D5-09CF-4968-B46B-8E520B3E01E8}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\AWTQO.DLL Trojan.WinFixer HKLM\Software\Classes\CLSID\{C033E220-81D2-4CE6-A19F-E2138E18588E} HKCR\CLSID\{C033E220-81D2-4CE6-A19F-E2138E18588E}
PiaJenta (author), posted 24 November 2007
Does anyone know what I should do, then..?
norbat, posted 24 November 2007
Yes, you post a new HJT log.
PiaJenta (author), posted 25 November 2007
Oh yes, that was it, I completely forgot about that.. :!: But here it is, then:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
norbat, posted 25 November 2007 (edited 25 November 2007 by norbat)
A bit of cleanup:
You are clinging to Bearshare, ok, I won't nag about it any more
---
Update your Java: http://java.com/en/download/index.jsp
---
Click: Start -> Run
Type: cmd [click OK]
At the command prompt, type:
sc stop "Symantec Core LC" [press Enter]
sc delete "Symantec Core LC" [press Enter]
exit [press Enter]
---
How is the PC behaving otherwise?
PiaJenta (author), posted 25 November 2007
Where am I supposed to type that cmd and so on? I didn't quite get that.. The problem with Bear is that I can't find it.. I can search, though, then I'll probably find it.. and delete it, because yes, it's unnecessary.. The PC otherwise works very well, I think..
norbat, posted 25 November 2007 (edited 25 November 2007 by norbat)
You type cmd in the Run window - the field that comes right after the text Open: (you usually find the Run window by clicking the Start button and then Run)
You can't find Bearshare in Add/Remove Programs? (Control Panel -> Add/Remove Programs)
PiaJenta (author), posted 25 November 2007
Oh right, hehe, in the Start menu on the PC, yes.. where you ping the machine.. No, I can't find it, and when I searched for it I deleted all the folders except one folder called bearshare that has music in it.. so that should be fine, I hope
norbat, posted 25 November 2007
Okay, if the following two lines are in HJT, you can fix them:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
Surf safely.
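The check described in the post above (find the HijackThis entries that still point at a program whose folder was deleted by hand), as an added example that is not part of the original thread. The function names `parse`, `exe_path` and `leftovers` are hypothetical, and `exists` is a caller-supplied predicate (for instance `os.path.exists` on the affected machine) so the logic can be run anywhere.

```python
import re
from urllib.parse import urlparse

# Sample entries in HijackThis 2.0.2 format. The two BearShare lines are the
# ones quoted in the post above; the rest are ordinary entries for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>HK\S+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
REG = re.compile(r"^(?P<key>HK[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")


def parse(text):
    """Split a HijackThis log into (code, body) pairs, skipping header lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m["code"], m["body"]))
    return out


def exe_path(cmd):
    """Return the executable from a Run command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def leftovers(text, product, exists):
    """Entries that still reference `product`: start pages on its domain and
    Run values whose executable sits in its folder. For Run values the last
    field says whether the file is still on disk (False = orphaned autorun)."""
    needle = product.lower()
    hits = []
    for code, body in parse(text):
        if code in ("R0", "R1"):
            m = REG.match(body)
            host = urlparse(m["data"]).hostname if m else None
            if host and needle in host.lower().split("."):
                hits.append((code, m["value"], m["data"], None))
        elif code == "O4":
            m = RUN.match(body)
            if m:
                path = exe_path(m["cmd"])
                if needle in path.lower().split("\\"):
                    hits.append((code, m["name"], path, exists(path)))
    return hits
```
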
PiaJenta (author), posted 25 November 2007
Thank you so much for the help. You are an angel <3