see007, posted 20 January 2008

I have cleaned out most of the cookies and the like, and have run HouseCall and AVG Anti-Spyware. I ran HJT after the last scan. I am attaching the reports from HJT and AVG. As I said, I need help getting rid of this. Many thanks in advance :-) I don't know whether I added these reports correctly, but they are attached here:

hijackthis_etter_scan.txt
Report_Scan_20080120_130051.txt
see007 (Author), posted 20 January 2008

I have cleaned out most of the cookies and the like, and have run HouseCall and AVG Anti-Spyware. I ran HJT after the last scan. I am attaching the reports from HJT and AVG. As I said, I need help getting rid of this. Many thanks in advance :-) I don't know whether I added these reports correctly, but they are attached here:

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 13:00:51 20.01.2008 + Scan result: C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX12.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX15.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX18.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX1A.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX1D.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX1E.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX23.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX7.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCX9.tmp -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\RCXF.tmp -> Dropper.Agent.dgo : No action taken. C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Dropper.Agent.dgo : No action taken. C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe -> Dropper.Agent.dgo : No action taken. C:\RECYCLER\S-1-5-21-101349958-2978646998-865658804-1006\Dc1.exe -> Dropper.Agent.dgo : No action taken.
C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057688.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057689.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057694.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057695.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057696.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057697.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057699.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057700.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057716.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057717.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057721.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057722.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057723.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057724.exe -> Dropper.Agent.dgo : No action taken. 
C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057725.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0057726.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0058768.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059792.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059797.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059798.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059799.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059800.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059810.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059821.Exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059824.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059825.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059829.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059830.exe -> Dropper.Agent.dgo : No action taken. 
C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059831.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059832.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059849.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059856.Exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059858.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059859.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059861.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059862.EXE -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059863.exe -> Dropper.Agent.dgo : No action taken. C:\System Volume Information\_restore{D1764340-7E55-4818-ADD9-5177B46EBE77}\RP375\A0059865.exe -> Dropper.Agent.dgo : No action taken. C:\VundoFix Backups\ElkCtrl.exe.bad -> Dropper.Agent.dgo : No action taken. C:\VundoFix Backups\ImScInst.exe.bad -> Dropper.Agent.dgo : No action taken. C:\VundoFix Backups\ctfmon.exe.bad -> Dropper.Agent.dgo : No action taken. C:\VundoFix Backups\geeby.exe.bad -> Dropper.Agent.dgo : No action taken. C:\WINDOWS\system32\ctfmon.exe.tmp -> Dropper.Agent.dgo : No action taken. [1084] C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe -> Dropper.Agent.dgo : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : No action taken. 
C:\Documents and Settings\Alexander\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Alexander\Cookies\alexander@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken. C:\Documents and Settings\Terje\Cookies\terje@adtech[1].txt -> TrackingCookie.Adtech : No action taken. C:\Documents and Settings\Terje\Cookies\terje@advertising[1].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\Alexander\Cookies\alexander@connextra[1].txt -> TrackingCookie.Connextra : No action taken. C:\Documents and Settings\Terje\Cookies\terje@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\Cookies\terje@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Alexander\Cookies\[email protected][1].txt -> TrackingCookie.Information : No action taken. C:\Documents and Settings\Alexander\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : No action taken. C:\Documents and Settings\Alexander\Cookies\alexander@revsci[2].txt -> TrackingCookie.Revsci : No action taken. C:\Documents and Settings\Alexander\Cookies\alexander@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken. C:\Documents and Settings\Ine\Cookies\ine@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken. C:\Documents and Settings\Terje\Cookies\terje@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken. C:\Documents and Settings\Terje\Lokale innstillinger\Temp\Cookies\terje@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken. C:\Documents and Settings\Terje\Cookies\terje@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken. C:\Documents and Settings\Terje\Cookies\terje@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken. 
C:\Documents and Settings\Marianne\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : No action taken. C:\Documents and Settings\Alexander\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken. ::Report end

The HJT report:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:55:39, on 20.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\CyberLink\Shared Files\RichVideo.exe D:\program\Alcohol.120.v1.9.6.4719.Retail.WinALL.Cracked-BETAMASTER\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh .exe C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp .exe C:\WINDOWS\system32\LVCOMSX .EXE C:\Programfiler\Java\jre1.5.0_06\bin\jusched .exe C:\Acer\Empowering Technology\ePower\ePower_DMC .exe C:\Programfiler\MSN Messenger\MsnMsgr .Exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE D:\program\AVG Anti-Spyware 7.5\guard.exe D:\program\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: load=C:\WINDOWS\system32\geeby.exe O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - 
HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TacticalOpsSetup.exe] D:\DLS\TACTIC~1.EXE /r O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 
button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec 
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\program\Alcohol.120.v1.9.6.4719.Retail.WinALL.Cracked-BETAMASTER\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9973 bytes

It is perhaps better for you if I post it like this; I was a bit unsure.
norbat, posted 21 January 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

F3 - REG:win.ini: load=C:\WINDOWS\system32\geeby.exe
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

Download SAS, install it, update it and run a full (Complete) scan.

Get Combofix and put it on the desktop.

Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from Combofix (c:\combofix.txt).
see007 (Author), posted 21 January 2008

ComboFix 08-01-20.1 - Terje 2008-01-20 19:50:14.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1345 [GMT 1:00] Running from: D:\DLS\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\svchost.exe C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\geeby.dll C:\WINDOWS\system32\geeby.exe C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pmnklii.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\ybeeg.ini C:\WINDOWS\system32\ybeeg.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))) . 2008-01-20 19:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-20 04:20 . 2008-01-20 04:20 <DIR> d-------- C:\Documents and Settings\Terje\Programdata\Grisoft 2008-01-20 04:20 . 2008-01-20 04:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-01-20 04:20 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-20 02:35 . 2008-01-20 02:35 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-20 02:02 . 2008-01-20 02:26 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-20 01:08 . 2008-01-20 03:19 <DIR> d-------- C:\VundoFix Backups 2008-01-19 23:11 . 2008-01-19 23:33 262,144 --a------ C:\WINDOWS\system32\ElkCtrl .exe 2008-01-19 23:11 . 2008-01-20 03:24 225,280 --a------ C:\WINDOWS\system32\LVCOMSX .EXE 2008-01-19 23:11 . 2008-01-19 23:33 40,960 --a------ C:\WINDOWS\system32\ImageItEncrypt .exe 2008-01-19 23:10 .
2008-01-19 23:33 32,768 --a------ C:\WINDOWS\RUNXMLPL .exe 2008-01-06 03:11 . 2008-01-06 03:15 <DIR> d-------- C:\Documents and Settings\Terje\Programdata\Ventrilo . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-20 12:08 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-01-20 03:22 --------- d-----w C:\Programfiler\MSN Messenger 2008-01-19 22:38 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys 2008-01-15 20:35 --------- d-----w C:\Documents and Settings\Terje\Programdata\Azureus 2007-12-26 12:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-03 23:31 22,328 ----a-w C:\Documents and Settings\Terje\Programdata\PnkBstrK.sys 2007-02-25 10:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat . <pre> ----a-w 421,888 2008-01-20 02:25:00 C:\Acer\Empowering Technology\ePower\ePower_DMC .exe ----a-w 52,840 2008-01-20 02:24:30 C:\Programfiler\Fellesfiler\Symantec Shared\ccApp .exe ----a-w 517,768 2008-01-20 02:19:25 C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe ----a-w 36,975 2008-01-20 02:24:51 C:\Programfiler\Java\jre1.5.0_06\bin\jusched .exe ----a-w 5,674,352 2008-01-20 02:25:33 C:\Programfiler\MSN Messenger\MsnMsgr .Exe ----a-w 761,945 2008-01-20 02:24:24 C:\Programfiler\Synaptics\SynTP\SynTPEnh .exe ----a-w 32,768 2008-01-19 22:33:11 C:\WINDOWS\RUNXMLPL .exe ----a-w 208,952 2008-01-20 02:24:28 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE ----a-w 15,360 2008-01-20 01:26:00 C:\WINDOWS\system32\ctfmon .exe ----a-w 262,144 2008-01-19 22:33:38 C:\WINDOWS\system32\ElkCtrl .exe ----a-w 40,960 2008-01-19 22:33:38 C:\WINDOWS\system32\ImageItEncrypt .exe ----a-w 225,280 2008-01-20 02:24:44 C:\WINDOWS\system32\LVCOMSX .EXE ----a-w 455,168 2008-01-20 02:24:33 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ] "TacticalOpsSetup.exe"="D:\DLS\TACTIC~1.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "preload"="C:\Windows\RUNXMLPL.exe" [ ] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 17:23 15961088 C:\WINDOWS\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:43 7397376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 09:43 86016] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [ ] "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [ ] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [ ] "Windows Taskmanager"="svchost.exe" [2004-08-04 15:00 14336 C:\WINDOWS\system32\svchost.exe] "!AVG Anti-Spyware"="D:\program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] "PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All 
Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD] --a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 22:46 57344 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2006-02-24 23:17 462848 D:\program\Clonedvd\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] --a------ 2005-06-11 19:51 53248 C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot] --a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay] --a------ 2002-11-02 07:33 45056 D:\program\Clonedvd\ElbyCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol] --a------ 2003-09-16 14:28 20480 C:\Programfiler\Launch Manager\CtrlVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] --a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] --a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-24 01:26 217088 C:\Programfiler\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Programfiler\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-04-19 15:08 69632 C:\Programfiler\Launch Manager\HotkeyApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Programfiler\Launch Manager\OSDCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-06-26 15:47 331776 C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 15:55 73728 C:\Programfiler\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-03-23 00:12 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-28 13:12 222720 C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-01-26 12:36 495616 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2006-04-20 09:23 86016 C:\Programfiler\Launch Manager\Wbutton.exe

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
S1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-04-20 20:03]
S2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-04-20 20:03]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 11:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 11:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 11:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 11:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 11:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 11:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 11:56]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Terje.job"
- C:\PROGRA~1\NORTON~1\Navw32.exec/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 20:07:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 20:12:13 - machine was rebooted [Terje]
ComboFix-quarantined-files.txt 2008-01-20 19:12:08
.
2008-01-10 02:02:40 --- E O F ---

see007 (Author) Posted 21 January 2008

As I said, I ran AVG Anti and HouseCall, and later I ran ComboFix yesterday. This is an HJT log from today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:58, on 21.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\program\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
D:\program\Alcohol.120.v1.9.6.4719.Retail.WinALL.Cracked-BETAMASTER\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
D:\program\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
D:\Spill\hl2\Steam.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TacticalOpsSetup.exe] D:\DLS\TACTIC~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\program\Alcohol.120.v1.9.6.4719.Retail.WinALL.Cracked-BETAMASTER\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9201 bytes

norbat Posted 21 January 2008

This looks fine. Still any problems with MSN? You should reset the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Slå av Systemgjenopprettingen ....." ("Turn off System Restore ....."), restart the PC, then untick the box again to re-enable the feature.

see007 (Author) Posted 21 January 2008

> This looks fine. Still any problems with MSN? You should reset the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Slå av Systemgjenopprettingen ....." ("Turn off System Restore ....."), restart the PC, then untick the box again to re-enable the feature.

Yes, I took a look at things after you last posted here, and I haven't had any particular problems since. But I will follow your last point about the restore. Thanks so much for the help, even though I managed a bit myself too. Hehe