Guest Slettet+231324246, posted 21 December 2007: I think my PC has caught a computer worm. The CPU hits the ceiling at the slightest keystroke, and several programs have completely or partly stopped working. I wanted to uninstall IE, but that is not possible. If I open the IE folder under Program Files to force-delete the files, they immediately multiply. These are symptoms of a worm, aren't they? I have run deep scans with AVG (free version), Ad-Aware, CCleaner, Spybot and SuperAntiSpyware Free Edition, so the big question is: what do I do now?
Programvare, posted 21 December 2007: We have great guides on this forum: https://www.diskusjon.no/index.php?showtopic=691246
Guest Slettet+231324246, posted 21 December 2007: That sounds good, but unfortunately the link doesn't work . . .
norbat, posted 21 December 2007: Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Programvare, posted 21 December 2007: The link works perfectly.
Khaffner, posted 21 December 2007: I think I have the same problem as the thread starter; would someone mind checking my log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:27, on 21.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\rydd 1\FreeRAM XP Pro 1.22.exe
C:\Program Files\DNsoft.be\Shutdown Scheduler\PC Shutdown.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Remotec\Multimedia Master 100\MultiMedia Master 100.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "E:\rydd 1\FreeRAM XP Pro 1.22.exe" -win
O4 - HKCU\..\Run: [shutdown_Manager] C:\Program Files\DNsoft.be\Shutdown Scheduler\PC Shutdown.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Startup: MultiMedia Master 100.lnk = C:\Program Files\Remotec\Multimedia Master 100\MultiMedia Master 100.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158264757748
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 7422 bytes
norbat, posted 21 December 2007: khaffner: Yes, there is some junk in there, so work through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs that are produced in a new thread that you create.
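Added example (not part of the thread, and not norbat's or HijackThis's own method): a small Python triage pass over a HijackThis log like the first one posted above, which also copes with a log that has been flattened onto one line. The three heuristics, the function names and the reason strings are assumptions made for illustration, and a flag only means "look at this entry first", not a verdict; the sample is abridged from that log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Abridged from the first HijackThis log in this thread, run together on one
# line the way forum software or a scraper can flatten it.
SAMPLE_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing) "
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe "
    r"O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe "
    r"O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe "
    r"O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file) "
    r"O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file) "
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe "
    r"-- End of file - 7422 bytes"
)

# Reason strings (illustrative heuristics, not HijackThis output).
NOT_ON_DISK = "target file not on disk"
POLICY_RUN = "autostart via Policies\\Explorer\\Run"
SAME_FOLDER = "same folder as a missing-file entry"

CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"           # HijackThis section codes
SPLIT_RE = re.compile(r"\s+(?=" + CODE + r" - )")     # whitespace before "O4 - "
ENTRY_RE = re.compile(r"^(" + CODE + r") - (.+)$", re.S)
TRAILER_RE = re.compile(r"\s*-- End of file - \d+ bytes\s*$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
DIR_RE = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)+')


class Entry(NamedTuple):
    code: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "


def parse(log_text: str) -> List[Entry]:
    """Split a log into entries, whether line-per-entry or flattened."""
    text = TRAILER_RE.sub("", log_text.strip())
    entries = []
    for chunk in SPLIT_RE.split(text):
        m = ENTRY_RE.match(chunk.strip())
        if m:  # header and process-list chunks have no section code
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def folder_of(body: str) -> Optional[str]:
    """Lower-cased folder of the first drive-letter path in an entry."""
    m = DIR_RE.search(body)
    return m.group(0).lower() if m else None


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for entries worth a closer look."""
    entries = parse(log_text)
    reasons: List[List[str]] = [[] for _ in entries]
    missing_dirs = set()
    for i, e in enumerate(entries):
        # 1. The registration points at a file that no longer exists.
        if MISSING_RE.search(e.body):
            reasons[i].append(NOT_ON_DISK)
            folder = folder_of(e.body)
            if folder:
                missing_dirs.add(folder)
        # 2. Autostart from the policy Run key rather than the usual Run key.
        if e.code == "O4" and "\\Policies\\Explorer\\Run:" in e.body:
            reasons[i].append(POLICY_RUN)
    for i, e in enumerate(entries):
        # 3. Lives in the same folder as something already reported missing.
        if NOT_ON_DISK not in reasons[i] and folder_of(e.body) in missing_dirs:
            reasons[i].append(SAME_FOLDER)
    return [(e, r) for e, r in zip(entries, reasons) if r]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.code:>3} | {'; '.join(why)}\n    {entry.body}")
```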
Guest Slettet+231324246, posted 21 December 2007: I have run HijackThis and had the log analysed at http://www.hijackthis.de. They "approved" everything, but questioned the bottom two. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:32, on 21.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TELES\ISDN Tools\tisdnmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TELES\ISDN Tools\cwd.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://adsl.online.no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TISDNMonitor] C:\Program Files\TELES\ISDN Tools\tisdnmon.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099155924787
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/turid/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/temp/msohtml1/01/clip_image001.jpg
Guest Slettet+231324246, posted 21 December 2007: . . . and I can't get into the link! Reason: IPS Driver Error
norbat, posted 21 December 2007 (edited): The HJT log doesn't look bad. We can try another log that may show something more:
1. Download Combofix and put it on the desktop.
2. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
3. Post the log file from Combofix (c:\combofix.txt).
Edited 21 December 2007 by norbat
Guest Slettet+231324246, posted 21 December 2007: PC Tools Spyware Doctor has found 4 intrusions on my machine. One of them looks critical; at any rate it is completely red:

Name: Dialer.Netvision_Dialer
Threat Level: High
Description: NetVision is a dialer from Carima Enterprises. It attempts to dial high-cost phone numbers using a modem.
Type: Dialer
By: Carima Enterprises Limited
Also known as: Carima Dialer Dialer.Trafficadvance[symantec]
Variant: Dialer.Dialmin.Gen
Removal: This infection can be removed using Spyware Doctor.

BUT I can't remove anything without paying!!! Trying Combofix - thanks so far.
norbat, posted 21 December 2007: Spyware Doctor is a good program. Does it tell you where these files are located? These dialers have lost some of their sting since most people(?) now have broadband, but it has to go, so post the log from Combofix and, if possible, say something about where the files that SD finds are located.
petnor, posted 21 December 2007: Ad-Aware 2007 is free! You can download it here: http://www.download.com/Ad-Aware-2007-Free...4-10045910.html Good luck (you don't need to pay).
Guest Slettet+231324246, posted 22 December 2007: This is the log from ComboFix:
Gjest Slettet+231324246 Skrevet 22. desember 2007 Del Skrevet 22. desember 2007 (endret) . ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-22 02:42 . 2007-12-22 02:42 53,248 --a------ C:\TEMP\jvtulrqs.dll 2007-12-21 13:22 . 2007-12-21 13:23 1,393 --a------ C:\WINDOWS\imsins.BAK 2007-12-21 00:57 . 2007-12-21 16:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-21 00:57 . 2007-12-21 00:57 <DIR> d-------- C:\Documents and Settings\Turid \Application Data\SUPERAntiSpyware.com 2007-12-21 00:57 . 2007-12-21 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-12-21 00:43 . 2007-12-21 16:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-20 19:41 . 2007-12-22 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-20 18:27 . 2007-12-20 18:27 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2007-12-19 23:14 . 2007-12-20 20:46 <DIR> d-------- C:\Documents and Settings\Turid\Application Data\Uniblue 2007-12-12 15:55 . 2007-12-12 15:57 <DIR> d-------- C:\Program Files\Winamp3 2007-12-12 15:55 . 2007-12-12 15:55 41 --a------ C:\WINDOWS\winampa.ini 2007-12-12 14:55 . 2007-12-20 21:31 <DIR> d-------- C:\Documents and Settings\Turid\Application Data\AVG7 2007-12-12 14:52 . 2007-12-12 14:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-12 14:51 . 2007-12-12 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-12 14:51 . 2007-12-20 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-10 23:30 . 2007-12-11 00:02 <DIR> d-------- C:\Documents and Settings\Turid\Application Data\Winamp 2007-12-10 22:45 . 2007-12-10 22:46 <DIR> d-------- C:\Program Files\CCleaner 2007-12-10 20:03 . 
2007-12-20 11:37 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-12-10 20:03 . 2007-12-10 20:03 <DIR> d-------- C:\Documents and Settings\Turid\Application Data\PC Tools 2007-12-10 20:03 . 2007-12-21 22:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-10 20:03 . 2007-12-14 08:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-10 20:03 . 2007-12-14 08:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-10 20:03 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-10 20:03 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-10 20:02 . 2007-12-10 20:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2007-12-10 20:02 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-10 16:20 . 2007-12-10 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-10 16:19 . 2007-12-21 00:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-06 00:33 . 2007-12-06 00:33 <DIR> d-------- C:\Program Files\Windows Defender . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-22 01:43 --------- d-----w C:\Documents and Settings\Turid\Application Data\Skype 2007-12-21 21:49 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys 2007-12-19 14:35 --------- d-----w C:\Documents and Settings\Turid\Application Data\OpenOffice.org2 2007-12-16 18:05 --------- d-----w C:\Documents and Settings\Turid\Application Data\AdobeUM 2007-12-14 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 14:22 --------- d-----w C:\Program Files\Winamp 2007-12-12 20:03 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-12-12 19:42 --------- d-----w C:\Program Files\Opera 2007-12-12 19:39 --------- d-----w C:\Program Files\Opera7 2007-12-12 13:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-10 15:20 --------- d-----w C:\Program Files\Lavasoft 2007-12-10 10:11 --------- d-----w C:\Program Files\Google 2007-12-05 23:31 5,154,304 ----a-w C:\Program Files\WindowsDefender.msi 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 13:32 --------- d-----w C:\Program Files\eMule 2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-23 10:24 --------- d-----w C:\Program Files\Java 2007-09-26 11:01 1,056 --sha-w C:\zvnjawt3.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-21_22.51.46.54 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-21 16:09:20 60,556 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-21 21:53:51 60,556 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-21 16:09:20 397,718 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-21 21:53:51 397,718 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 16:20] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-10 11:11] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TISDNMonitor"="C:\Program Files\TELES\ISDN Tools\tisdnmon.exe" [2000-06-26 10:59] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 09:55] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 09:51] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 08:37] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-10-14 13:44] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-10-27 22:38] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-05-06 17:22] "SbUsb AudCtrl"="RunDll32 sbusbdll.dll" [] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "CTSysVol"="C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe" [2003-02-17 17:25] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31] "IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [2004-03-10 21:02] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 11:33] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" 
[2007-09-25 00:11] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\SOUNDMAN.EXE] "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2005-07-11 09:44] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-12-10 20:32] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-12 14:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 14:51] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-27 22:35:14] EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2003-11-05 21:50:43] EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 00:10:00] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-06 19:38:44] Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-12-02 17:03:08] ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-12-02 17:02:34] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-06-03 22:40:18] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2003-12-09 08:43]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-12-21 22:49]
R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\pdihwctl.sys [2005-10-30 06:19]
R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys [2001-08-17 13:48]
R3 tnt1tr6;tnt1tr6;C:\WINDOWS\system32\DRIVERS\tnt1tr6.sys [2000-06-26 10:44]
R3 tnt8208;tnt8208;C:\WINDOWS\system32\DRIVERS\tnt8208.sys [2000-06-26 10:46]
R3 tntcapi;tntcapi;C:\WINDOWS\system32\DRIVERS\tntcapi.sys [2000-06-26 10:45]
R3 tntdss1;tntdss1;C:\WINDOWS\system32\DRIVERS\tntdss1.sys [2000-06-26 10:45]
R3 tnthdlc;tnthdlc;C:\WINDOWS\system32\DRIVERS\tnthdlc.sys [2000-06-26 10:46]
R3 tntkrn;tntkrn;C:\WINDOWS\system32\DRIVERS\tntkrn.sys [2000-06-26 10:47]
R3 tnts0cfg;tnts0cfg;C:\WINDOWS\system32\DRIVERS\tnts0cfg.sys [2000-06-26 10:48]
R3 tnts0pci;tnts0pci;C:\WINDOWS\system32\DRIVERS\tnts0pci.sys [2000-06-26 10:49]
R3 tntt30;tntt30;C:\WINDOWS\system32\DRIVERS\tntt30.sys [2000-06-26 10:47]
R3 tntv110;tntv110;C:\WINDOWS\system32\DRIVERS\tntv110.sys [2000-06-26 10:50]
R3 tntwan;tntwan;C:\WINDOWS\system32\DRIVERS\tntwan.sys [2000-06-26 10:50]
R3 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS [2005-08-12 15:23]
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-11-01 05:17]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys []

*Newly Created Service* - WEBNTACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-22 00:46:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-19 22:14:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-19 22:14:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-20 00:35:46 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-12-20 00:24:39 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 02:42:59
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Edited 22 December 2007 by Slettet+231324246
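Added example, not part of the original post and not ComboFix's own code: a small Python triage pass over the driver/service section of a ComboFix log like the one above, listing entries worth a manual look. The flagging rules (file outside system32\drivers, empty timestamp, file dated within a week of the scan, name in the *Newly Created Service* list) and the assumption that Windows is on C: are choices made for illustration; a flag means "review this", not "malicious".

```python
import re
from datetime import datetime, timedelta

# Sample input: a subset of lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2003-12-09 08:43]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-12-21 22:49]
R3 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS [2005-08-12 15:23]
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-11-01 05:17]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
*Newly Created Service* - WEBNTACCESS
Rootkit scan 2007-12-22 02:42:59
"""

ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
NEW_SVC = re.compile(r"^\*Newly Created Service\* - (\S+)")
SCAN = re.compile(r"^Rootkit scan (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"  # assumption: system drive is C:

def triage(log, recent_days=7):
    """Return {service name: [reasons]} for entries that deserve manual review."""
    entries, new_services, scan_time = [], set(), None
    for line in log.splitlines():
        line = line.strip()
        if m := NEW_SVC.match(line):
            new_services.add(m.group(1))
        elif m := SCAN.match(line):
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elif m := ENTRY.match(line):
            entries.append(m.groups())
    findings = {}  # evaluated after the loop: the scan time comes last in the log
    for _state, _start, name, _display, path, stamp in entries:
        reasons = []
        if not path.lower().startswith(DRIVER_DIR):
            reasons.append("outside system32\\drivers")
        if not stamp:
            reasons.append("no file timestamp")
        elif scan_time:
            ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
            if scan_time - ts <= timedelta(days=recent_days):
                reasons.append("file dated within %d days of scan" % recent_days)
        if name in new_services:
            reasons.append("listed as newly created service")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for svc, why in triage(SAMPLE_LOG).items():
        print(svc, "->", "; ".join(why))
```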
Guest Slettet+231324246, posted 22 December 2007

Spyware Doctor is a good program. Does it tell you where these files are located? These dialers have lost some of their sting now that most? people have broadband, but it has to go, so post the log from combofix + possibly say something about where the files that SD finds are located.

It says they are located here, but I can't manage to find them . . .

Visitor's assessment Analyzerdetails Unknown
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/turid/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Kind Visitor's assessment Analyzerdetails Unknown
O24 - Desktop Component 1: (no name) - file:///C:/temp/msohtml1/01/clip_image001.jpg
norbat, posted 22 December 2007

Run HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/turid/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/temp/msohtml1/01/clip_image001.jpg

Go to the website http://virusscan.jotti.org/ and upload the following file for a check:
C:\zvnjawt3.sys
(you may have to turn on 'Show hidden files and folders' + the option to see hidden system files)

Download Killbox
Start Killbox
Choose 'Delete on reboot'
Enter the following: C:\TEMP\jvtulrqs.dll
Restart

Run CCleaner again. Before you run a clean, do the following in the program:
Go to 'Valg'->'Avansert' (Options -> Advanced).
Remove the tick in front of: "bare slett midlertidige filer......." ("only delete temporary files.......")
Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

Post a new hjt log.
Guest Slettet+231324246, posted 22 December 2007 (edited)

Run HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/turid/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/temp/msohtml1/01/clip_image001.jpg

Go to the website http://virusscan.jotti.org/ and upload the following file for a check:
C:\zvnjawt3.sys
(you may have to turn on 'Show hidden files and folders' + the option to see hidden system files)

Download Killbox
Start Killbox
Choose 'Delete on reboot'
Enter the following: C:\TEMP\jvtulrqs.dll
Restart

Run CCleaner again. Before you run a clean, do the following in the program:
Go to 'Valg'->'Avansert' (Options -> Advanced).
Remove the tick in front of: "bare slett midlertidige filer......." ("only delete temporary files.......")
Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

Post a new hjt log.

_______________________________________________________________________________________________

Now I have run HJT on the two files and checked the third one at Virusscan. All good so far. Downloaded killbox, but C:\TEMP\jvtulrqs.dll doesn't exist... so I get the following warning. There was apparently a log in Killbox as well. I have nevertheless restarted and run CCleaner with the setup you suggested. Here is the log, and I haven't deleted anything yet. Phew, I'm so glad to be getting help :-)

log.txt log_kill.txt

Edited 22 December 2007 by Slettet+231324246
norbat, posted 22 December 2007

OK, run combofix again and post the log together with a new hjt log, and we'll see whether anything more needs to be done.
Guest Slettet+231324246, posted 22 December 2007

OK, run combofix again and post the log together with a new hjt log, and we'll see whether anything more needs to be done.

Two new logs from ComboFix and HJT - I see that C:\zvnjawt3.sys is back . . . By the way, what do I do with CCleaner, can I run clean and delete the files from the previous scan? And should the setting still be left unticked at: "bare slett midlertidige filer......." ("only delete temporary files.......")?

log.txt hijackthis.txt