MisfiT83, posted 9 December 2007:
I've got a virus that I can't get rid of :S I have the NOD32 antivirus program and Ad-Aware. I have also tried AVG Anti-Rootkit, Panda Anti-Rootkit, RootkitRevealer and McAfee Rootkit Detective. I got the virus when I downloaded a program and opened it, an .exe file (I know, stupid). Clicking delete doesn't work. Any suggestions?
Sewero, posted 9 December 2007:
How do you remove viruses/spyware if you are already infected? There are a great many ways to remove viruses/spyware, and some of the methods are difficult, but here are the basics:
1: Run a system scan with an antivirus program
2: Run a system scan with an antispyware program
3: Run a system scan with a rootkit tool.
It can also be a good idea to run a virus scan with online scanners, because different antivirus products can find different infections. All the online scanners are of course free!
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/kos/english/kavwebscan.html
Syar-2003, posted 9 December 2007:
Read the text from NOD. The file has been placed in quarantine. In the next window, Explorer is denied access to the file precisely because NOD is blocking it. So your antivirus seems to have done its job... Deletion is presumably done via NOD (= purge/empty quarantine).
Barkster, posted 9 December 2007:
Start the machine in safe mode and scan again.
norbat, posted 9 December 2007:
Feel free to post an hjt log: Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Orochimaru, posted 9 December 2007:
Prorat is an old acquaintance, yes! Haha! Did you try to download RAT tools or something? x) Or else you're the one who downloaded a file. This type of Trojan horse is produced in PRORAT. Check it out! http://en.wikipedia.org/wiki/Prorat It's easy to remove! Good luck! Follow NorBat's advice!
MisfiT83 (author), posted 9 December 2007:
Does this help?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:26:54, on 09.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Programmer\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe D:\Programmer\NOD32\nod32krn.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Acer\eRecovery\Monitor.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe D:\Programmer\NOD32\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\services.exe C:\WINDOWS\system32\svchost.exe D:\Programmer\Firefox\firefox.exe D:\Programmer\Programmer\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F2 - REG:system.ini: Shell=Explorer.exe 
C:\WINDOWS\system32\fservice.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [nod32kui] "D:\Programmer\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe" O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmer\Ad-Aware 2007\aawservice.exe O23 - Service: AEOMDF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmer\NOD32\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6143 bytes
norbat, posted 9 December 2007:
Start hjt, choose "Do a system scan only", tick the following lines and click Fix checked:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is in bold below:
Files to delete:
C:\WINDOWS\services.exe
C:\WINDOWS\system32\fservice.exe
Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. You don't need to post it.
Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt) + a new hjt log.
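Added example (not part of the thread and not any poster's code): a small Python triage of a HijackThis log using three heuristics that correspond to the entries singled out in the post above, namely an extra program appended to the `Shell=` value, an autostart under `Policies\Explorer\Run`, and a running process that carries a core Windows process name outside `system32`. The function names, rule names and the `CORE_PROCESSES` list are assumptions made for this illustration; the sample is an excerpt of the first log in the thread, reflowed to one entry per line.

```python
import ntpath
import re

# Excerpt of the first HijackThis log posted in the thread, shortened and
# reflowed to one entry per line (constructed sample for this example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\NOD32\nod32krn.exe
C:\WINDOWS\services.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Programmer\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmer\NOD32\nod32krn.exe
"""

# HijackThis entries start with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumed list of process names that normally run only from \system32.
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}


def parse_hjt(text):
    """Split a log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (rule, path) findings worth a closer look, in log order."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # A core process name in any folder other than system32.
        if name in CORE_PROCESSES and not folder.endswith("\\system32"):
            findings.append(("core-name-wrong-dir", path))
    for code, body in entries:
        lowered = body.lower()
        if code == "F2" and "shell=" in lowered:
            value = body.split("=", 1)[1].strip()
            shell, _, extra = value.partition(" ")
            # Anything besides a bare Explorer.exe is started at every logon.
            if shell.lower() != "explorer.exe" or extra.strip():
                findings.append(("shell-extra", extra.strip() or shell))
        elif code == "O4" and "\\policies\\explorer\\run" in lowered:
            # Autostart location that ordinary installers rarely use.
            findings.append(("policies-run", body.rpartition("] ")[2].strip()))
    return findings


def suspect_files(text):
    """Unique lower-cased paths named by the findings, sorted."""
    return sorted({path.lower() for _, path in triage(text)})


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:22} {path}")
```

On the sample, `suspect_files` returns the same two paths that were listed under "Files to delete" above. The rules are heuristics for prioritising review, not proof that a file is malicious.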
MisfiT83 (author), posted 9 December 2007:
ComboFix 07-12-09.1 - Anders Ericson 2007-12-10 0:30:16.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.1140 [GMT 1:00] Running from: C:\Documents and Settings\Anders Ericson\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\ktd32.atm C:\WINDOWS\services.exe C:\WINDOWS\system\sservice.exe C:\WINDOWS\system32\fservice.exe C:\WINDOWS\system32\winkey.dll . ((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))) . 2007-12-09 22:03 . 2007-12-09 22:03 <DIR> d--hs---- C:\Documents and Settings\Anders Ericson\Siste 2007-12-09 20:30 . 2007-12-09 20:30 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-12-09 20:22 . 2007-12-09 20:23 <DIR> d-------- C:\WINDOWS\Sun 2007-12-07 16:49 . 2007-12-07 16:49 <DIR> d-------- C:\Programfiler\Winamp 2007-12-07 00:14 . 2007-12-07 00:14 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Incomplete 2007-12-07 00:11 . 2007-12-07 00:11 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\LimeWire 2007-12-06 02:25 . 2007-12-09 19:42 105 --a------ C:\WINDOWS\system32\fservice.exe.bat 2007-12-06 02:10 . 2007-12-06 02:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2007-12-06 02:05 . 2007-12-06 02:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-12-06 00:46 . 2007-12-06 00:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire 2007-12-06 00:46 . 2007-12-06 00:46 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\Xfire 2007-12-06 00:23 . 2007-12-06 00:23 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\Hamachi 2007-12-06 00:23 . 2007-12-06 00:23 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-12-05 21:46 . 
2007-12-05 21:46 <DIR> d-------- C:\Programfiler\MSXML 6.0 2007-12-05 17:38 . 2007-12-05 17:38 268 --ah----- C:\sqmdata03.sqm 2007-12-05 17:38 . 2007-12-05 17:38 244 --ah----- C:\sqmnoopt03.sqm 2007-12-04 22:58 . 2007-12-04 22:58 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2007-12-04 22:57 . 2007-12-04 22:57 <DIR> d-------- C:\Programfiler\MSBuild 2007-12-04 22:54 . 2007-12-04 22:54 65,542 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-12-04 22:53 . 2007-12-04 22:53 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2007-12-04 22:53 . 2007-12-04 22:53 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2007-12-04 22:50 . 2007-12-04 22:50 <DIR> d-------- C:\Programfiler\Reference Assemblies 2007-12-04 22:50 . 2007-12-04 22:54 6,144 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-12-04 22:49 . 2007-12-04 22:49 <DIR> d-------- C:\WINDOWS\BricoPacks 2007-12-04 22:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-12-04 22:32 . 2007-12-04 22:32 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Contacts 2007-12-04 22:31 . 2007-12-04 22:31 268 --ah----- C:\sqmdata02.sqm 2007-12-04 22:31 . 2007-12-04 22:31 244 --ah----- C:\sqmnoopt02.sqm 2007-12-04 21:39 . 2007-12-04 21:39 268 --ah----- C:\sqmdata01.sqm 2007-12-04 21:39 . 2007-12-04 21:39 244 --ah----- C:\sqmnoopt01.sqm 2007-12-04 21:19 . 2004-03-26 10:53 <DIR> d-------- C:\TEMP\Fonts 2007-12-04 21:19 . 2004-03-30 11:28 <DIR> d-------- C:\TEMP 2007-12-04 21:19 . 2004-04-02 14:48 388,466 --a------ C:\TEMP\Assault2.exe 2007-12-04 21:19 . 2004-04-02 15:02 298,527 --a------ C:\TEMP\Fonts.exe 2007-12-04 21:19 . 2004-04-02 14:37 532 --a------ C:\TEMP\assault.bat 2007-12-04 17:22 . 2007-12-04 17:22 268 --ah----- C:\sqmdata00.sqm 2007-12-04 17:22 . 2007-12-04 17:22 244 --ah----- C:\sqmnoopt00.sqm 2007-12-04 17:14 . 2007-01-18 13:38 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS 2007-12-04 17:14 . 2007-12-04 17:14 1,533 --a------ C:\WINDOWS\mozver.dat 2007-12-04 17:08 . 
2007-12-04 17:08 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2007-12-04 17:08 . 2007-12-04 17:08 <DIR> d-------- C:\Programfiler\MSN Messenger 2007-12-04 16:58 . 2007-12-04 16:58 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\vlc 2007-12-04 00:37 . 2007-08-20 11:03 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-12-04 00:37 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-12-04 00:37 . 2007-03-08 06:11 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-12-04 00:37 . 2007-08-20 11:03 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-12-04 00:37 . 2007-08-20 11:03 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-12-04 00:37 . 2007-08-20 11:03 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-12-04 00:37 . 2007-08-20 11:03 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-12-04 00:37 . 2007-08-20 11:03 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-12-04 00:37 . 2007-08-17 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-04 00:36 . 2007-12-04 00:36 <DIR> d-------- C:\WINDOWS\system32\nb-no 2007-12-04 00:28 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-04 00:23 . 2007-12-04 00:23 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\uTorrent 2007-12-04 00:21 . 2007-12-04 00:19 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-04 00:21 . 2007-12-04 00:19 270,336 --a------ C:\WINDOWS\system32\imon.dll 2007-12-03 23:59 . 2007-12-03 23:59 <DIR> d-------- C:\Programfiler\ATI Technologies 2007-12-03 23:59 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-12-03 23:58 . 2007-12-03 23:58 <DIR> d-------- C:\ATI 2007-12-03 23:56 . 2007-12-03 23:56 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\Talkback 2007-12-03 23:56 . 
2007-12-03 23:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-03 23:50 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\eConsole 2007-12-03 23:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-03 23:42 . 2007-12-10 00:28 0 --------- C:\WINDOWS\system32\eRLog.ini 2007-12-03 23:40 . 2005-05-27 11:06 253,952 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe 2007-12-03 21:39 . 2007-12-03 21:39 <DIR> d-------- C:\Programfiler\Fellesfiler\ArcSoft 2007-12-03 21:39 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-12-03 21:39 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-12-03 21:38 . 2007-12-03 21:38 <DIR> d-------- C:\Programfiler\Java 2007-12-03 21:38 . 2007-12-03 21:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2007-12-03 21:37 . 2005-10-21 21:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2007-12-03 21:37 . 2005-10-21 21:36 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS 2007-12-03 21:37 . 2005-10-21 21:36 <DIR> d-------- C:\Documents and Settings\Anders Ericson\WINDOWS 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> dr------- C:\Documents and Settings\Anders Ericson\Start-meny 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> d--h----- C:\Documents and Settings\Anders Ericson\Skrivere 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Skrivebord 2007-12-03 21:37 . 2005-10-21 21:46 <DIR> d-------- C:\Documents and Settings\Anders Ericson\Programdata\Symantec 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> d--h----- C:\Documents and Settings\Anders Ericson\Programdata 2007-12-03 21:37 . 2007-12-04 00:52 <DIR> dr------- C:\Documents and Settings\Anders Ericson\Mine dokumenter 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> d--h----- C:\Documents and Settings\Anders Ericson\Maler 2007-12-03 21:37 . 
2005-10-21 21:24 <DIR> d--h----- C:\Documents and Settings\Anders Ericson\Lokale innstillinger 2007-12-03 21:37 . 2007-12-03 21:37 <DIR> dr------- C:\Documents and Settings\Anders Ericson\Favoritter 2007-12-03 21:37 . 2005-10-21 21:24 <DIR> d--h----- C:\Documents and Settings\Anders Ericson\AndrMask 2007-12-03 21:34 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 21:54 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-12-04 21:54 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll 2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll 2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll 2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll 2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-11-02 03:26 5,435,392 ----a-w 
C:\WINDOWS\system32\atioglxx.dll 2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll 2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2007-10-25 16:44 12,880,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2004-08-04 19:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] "µTorrent"="C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe" [2007-07-22 13:22] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 C:\WINDOWS\SOUNDMAN.EXE] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "eRecoveryService"="C:\Programfiler\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03] "ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2005-02-24 22:32 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] 
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "nod32kui"="D:\Programmer\NOD32\nod32kui.exe" [2007-12-04 00:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00] C:\Documents and Settings\Anders Ericson\Start-meny\Programmer\Oppstart\ RocketDock.lnk - D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02] UberIcon.lnk - D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08] R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R2 int15.sys;int15.sys;\??\C:\Programfiler\acer\eRecovery\int15.sys S3 AEOMDF;AEOMDF;C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon.dll -> D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 00:32:53 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-10 0:33:37 - machine was rebooted . 
--- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:35:20, on 10.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Programmer\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Acer\eRecovery\Monitor.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe D:\Programmer\NOD32\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe D:\Programmer\NOD32\nod32krn.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe D:\Programmer\Firefox\firefox.exe D:\Programmer\Programmer\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: 
SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [nod32kui] "D:\Programmer\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = 
D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmer\Ad-Aware 2007\aawservice.exe O23 - Service: AEOMDF - Unknown owner - C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmer\NOD32\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5938 bytes
norbat, posted 10 December 2007:
Use Explorer to find and delete (in bold):
C:\WINDOWS\system32\fservice.exe.bat
Run a scan with NOD again and see whether it finds anything and, if so, where it is located.
MisfiT83 (author), posted 10 December 2007:
I can't find /fservice.exe.bat, only /fservice.exe, but I have scanned with NOD and Ad-Aware without them finding anything. Does that mean I'm rid of the crap, or what?
norbat, posted 10 December 2007:
That /fservice.exe has to go, so we'll try the following:
Download SDFix to the desktop.
Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix
Restart the PC in safe mode (tap F8 during startup, choose safe mode)
Open the SDFix folder and double-click 'RunThis.bat' to start the program
Choose Y to start the cleaning
The PC will restart, and SDFix will continue.
When you have done this, post a new HJT log + the log from SDFix (it will be in the SDFix folder as Report.txt).
MisfiT83 (author), posted 10 December 2007:
SDFix: Version 1.117 Run by Anders Ericson on 10.12.2007 at 18:03 Microsoft Windows XP [Versjon 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 18:06:33 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Documents and Settings\\Anders Ericson\\Skrivebord\\UTORRENT.EXE"="C:\\Documents and Settings\\Anders Ericson\\Skrivebord\\UTORRENT.EXE:*:Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Sun 30 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll" Sun 30 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Sun 30 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll" Sun 30 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll" Sun 30 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll" Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Programfiler\Messenger\msmsgs.exe" Wed 4 Aug 2004 60,416 A.SH. 
--- "C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:09:30, on 10.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Programmer\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe D:\Programmer\NOD32\nod32krn.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Acer\eRecovery\Monitor.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE D:\Programmer\NOD32\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe D:\Programmer\Firefox\firefox.exe D:\Programmer\Programmer\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [nod32kui] "D:\Programmer\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Anders Ericson\Skrivebord\utorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = D:\Programmer\Win Themes\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = D:\Programmer\Win Themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmer\Ad-Aware 2007\aawservice.exe O23 - Service: AEOMDF - Unknown owner - C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmer\NOD32\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6000 bytes Lenke til kommentar
norbat Posted 10 December 2007

A bit of cleanup:

Run HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: AEOMDF - Unknown owner - C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe (file missing)

Click: Start -> Run
Type: services.msc
Find and stop the following service if it is running, then right-click the service and set the startup type to Disabled:
AEOMDF

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Apart from this, your logs look fine. How is the PC running otherwise?
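
Added example, not part of the thread and not a HijackThis feature: a short Python triage over an excerpt of the HijackThis log posted above, which singles out the same two entries because their target file is gone or sits in a Temp directory. The function name `triage` and the two heuristics are assumptions made for illustration; note that "Unknown owner" alone is not treated as a finding.

```python
import re

# Excerpt of the HijackThis log posted in this thread
# (O2 = browser helper objects, O23 = Windows services).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: AEOMDF - Unknown owner - C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\AEOMDF.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmer\NOD32\nod32krn.exe
"""

# "<section> - <kind>: <fields separated by ' - '>"
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
# Illustrative heuristic: a registered target under a Temp folder.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return [(section, name, reasons)] for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, _kind, rest = m.groups()
        fields = rest.split(" - ")
        name, target = fields[0], fields[-1]  # first = name, last = path
        reasons = []
        if ORPHAN.search(target):
            reasons.append("target file is gone")
        if TEMP_DIR.search(target):
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append((section, name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} {name}: {', '.join(reasons)}")
```
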
MisfiT83 (Author) Posted 10 December 2007

Done and done. Thank you so, so much for the help. How the PC is running, as in whether anything else isn't working 100%? Well, I think it should be completely fine now.
norbat Posted 10 December 2007

"How the PC is running, as in whether anything else isn't working 100%?"

No, more whether everything works OK in relation to the original problem.

You should reset the restore folder so that you do not get infected again by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Surf safely.
MisfiT83 (Author) Posted 10 December 2007

Thanks again