Dingo666, posted 23 January 2008 (edited)

Hi, I was going to download Photoshop and check whether it was any better than the editing program I use now; this gave only one result: a virus. I have located a number of infected files and deleted them, but new ones keep appearing. Norton Internet Security finds the viruses but cannot delete them. I also cannot run System Restore.

One of the files I have found is c:\windows\system32\ddabc.dll, another is c:\windows\system32\ddayw.dll.

Does anyone have suggestions for where I should start tackling this? I have run ComboFix, but don't know what to do next.

ComboFix 08-01-23.2 - Kenneth 2008-01-23 18:25:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.3031 [GMT 1:00]
Running from: C:\Documents and Settings\Kenneth\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ktexagdr.dll
C:\WINDOWS\system32\lunboicy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rdgaxetk.ini
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xxyaaby.dll
C:\WINDOWS\system32\yciobnul.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-23 18:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 22:12 . 2008-01-23 10:32 1,089,376 ---hs---- C:\WINDOWS\system32\xlhoeayf.ini
2008-01-18 23:30 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-18 22:52 . 2008-01-18 22:52 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-01-18 22:47 . 2008-01-18 23:25 <DIR> d-------- C:\Programfiler\Canon
2008-01-18 21:40 . 2008-01-18 23:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Canon
2008-01-18 20:37 . 2008-01-18 20:37 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-01-18 20:36 . 2008-01-18 20:36 <DIR> d-------- C:\Programfiler\MSBuild
2008-01-18 20:34 . 2008-01-18 20:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-18 20:34 . 2008-01-18 20:34 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-01-18 20:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-18 20:21 . 2008-01-18 21:38 <DIR> d-------- C:\Programfiler\Windows Defender
2008-01-18 20:17 . 2008-01-18 20:17 142 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-18 16:16 . 2008-01-18 16:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-18 16:16 . 2008-01-18 20:01 <DIR> d-------- C:\Programfiler\D-Tools
2008-01-18 16:16 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-18 16:16 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-18 16:08 . 2008-01-18 16:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-18 15:59 . 2008-01-18 15:59 0 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-18 15:02 . 2008-01-18 15:02 <DIR> d-------- C:\Programfiler\Ny mappe
2007-12-30 02:48 . 2007-12-30 02:48 268 --ah----- C:\sqmdata06.sqm
2007-12-30 02:48 . 2007-12-30 02:48 244 --ah----- C:\sqmnoopt06.sqm
2007-12-30 00:10 . 2007-12-30 00:10 268 --ah----- C:\sqmdata05.sqm
2007-12-30 00:10 . 2007-12-30 00:10 244 --ah----- C:\sqmnoopt05.sqm
2007-12-30 00:00 . 2007-12-30 00:00 268 --ah----- C:\sqmdata04.sqm
2007-12-30 00:00 . 2007-12-30 00:00 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 16:30 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-23 16:05 --------- d-----w C:\Programfiler\Norton Internet Security
2008-01-23 09:30 --------- d-----w C:\Programfiler\MSN Messenger
2008-01-21 23:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-21 23:45 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-21 19:45 --------- d-----w C:\Programfiler\Logitech
2008-01-21 19:45 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-01-21 19:39 --------- d-----w C:\Programfiler\Windows Live Toolbar
2008-01-18 21:56 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-18 19:49 --------- d-----w C:\Programfiler\Telenor
2008-01-18 19:43 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-29 22:43 --------- d-----w C:\Programfiler\SpeedFan
2007-12-15 12:08 --------- d-----w C:\Programfiler\AMD
2007-12-15 12:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-12-13 15:26 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-09 22:30 --------- d-----w C:\Programfiler\MSECache
2007-12-05 19:46 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 19:46 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 19:46 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 19:46 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 19:46 --------- d-----w C:\Programfiler\Symantec
2007-12-03 18:29 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CAFB533-55F9-4EA5-85E5-B3419572B6FA}]
C:\WINDOWS\system32\sstqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0A27F3D-279F-4252-BA8E-1E208CF4FEA4}]
C:\WINDOWS\system32\ddayw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-18 20:43 15360]
"Uniblue RegistryBooster 2"="C:\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]
"ASUS SmartDoctor"="C:\Programfiler\ASUS\SmartDoctor\SmartDoctor.exe" [ ]
"Windows Updates"="c:\windows\system\Update.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-20 05:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 05:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-20 05:05 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 09:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 07:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"GameFace Messenger"="C:\Programfiler\GameFace Messenger\GameFace.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [ ]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [ ]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-23 17:32 115816]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [ ]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [ ]
"Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" [ ]
"amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [ ]
"AMD_Display"="" []
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [ ]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [ ]
"Start WingMan Profiler"="C:\Programfiler\Logitech\Gaming Software\LWEMon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-01-18 20:43 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Acer WLAN 11g USB Dongle.lnk - C:\Programfiler\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 19:25:14 745472]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-07-20 23:48:39 692224]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Programfiler\ASTRA32\ASTRA32.sys [2007-02-22 10:28]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]
S3 grmn0400;grmn0400.Sys Garmin USB HS DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0400.sys [2007-01-05 14:51]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2007-01-05 14:51]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 17:31:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
"2008-01-21 17:01:57 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Kenneth.job"

Thanks in advance.
Regards, Kenneth

Edited 23 January 2008 by Dingo666

r2d290, posted 23 January 2008

Give us a HijackThis log as well; see here to find out what to do with it...

Dingo666 (author), posted 23 January 2008 (edited)

> Give us a HijackThis log as well; see here to find out what to do with it...

There, the log is in now :-)

Going to run HijackThis now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {6CAFB533-55F9-4EA5-85E5-B3419572B6FA} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0A27F3D-279F-4252-BA8E-1E208CF4FEA4} - C:\WINDOWS\system32\ddayw.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Programfiler\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [start WingMan Profiler] C:\Programfiler\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Programfiler\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programfiler\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183996233264
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184006735156
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9595 bytes

Edited 23 January 2008 by Dingo666

Programvare, posted 23 January 2008

You can check the following and press Fix checked:

O2 - BHO: (no name) - {6CAFB533-55F9-4EA5-85E5-B3419572B6FA} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {A0A27F3D-279F-4252-BA8E-1E208CF4FEA4} - C:\WINDOWS\system32\ddayw.dll (file missing)
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe

Download and run the program CCleaner.

You should also switch browser from IE, which you are using, to e.g. Opera or Firefox.
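
The selection in the reply above can be reproduced mechanically from the log. The following Python is an added example, not part of the original posts and not HijackThis code; the two triage rules (a BHO whose DLL HijackThis reports as missing, and a Run entry that launches from C:\windows\system) and all function names are assumptions chosen to match the four listed entries.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {6CAFB533-55F9-4EA5-85E5-B3419572B6FA} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {A0A27F3D-279F-4252-BA8E-1E208CF4FEA4} - C:\WINDOWS\system32\ddayw.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# O4 registry lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable in a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat))', re.I)

# Assumed rule: Run targets in the legacy "system" directory (not system32).
LEGACY_DIR = r"c:\windows\system"


def parse_line(line):
    """Return a dict for O2 BHO and O4 Run lines, None for anything else."""
    m = BHO_RE.match(line)
    if m:
        return {"section": "O2", "key": m["clsid"], "target": m["path"],
                "missing": m["missing"] is not None}
    m = RUN_RE.match(line)
    if m:
        exe = EXE_RE.match(m["cmd"])
        return {"section": "O4", "key": f"{m['hive']}: {m['name']}",
                "target": exe["exe"] if exe else m["cmd"], "missing": False}
    return None


def triage(log_text):
    """List (section, key, target, reason) for entries matching the rules."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        if entry["section"] == "O2" and entry["missing"]:
            reason = "BHO still registered, DLL not on disk"
        elif (entry["section"] == "O4"
              and ntpath.dirname(entry["target"]).lower() == LEGACY_DIR):
            reason = "autostart from legacy system directory"
        else:
            continue
        findings.append((entry["section"], entry["key"], entry["target"], reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A match is a reason to look at an entry, not a verdict; the O23 service line marked "(file missing)" in the full log is deliberately outside these two rules, as it is outside the reply's list.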

Dingo666 (author), posted 23 January 2008

> You can check the following and press Fix checked:
>
> O2 - BHO: (no name) - {6CAFB533-55F9-4EA5-85E5-B3419572B6FA} - C:\WINDOWS\system32\sstqr.dll (file missing)
> O2 - BHO: (no name) - {A0A27F3D-279F-4252-BA8E-1E208CF4FEA4} - C:\WINDOWS\system32\ddayw.dll (file missing)
> O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
> O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
>
> Download and run the program CCleaner.
>
> You should also switch browser from IE, which you are using, to e.g. Opera or Firefox.

Okay, thanks for the quick response. Do I check the files you mention using HJ, or with CC??

Programvare, posted 23 January 2008

You remove them with HijackThis, yes. As r2d290 says.

Dingo666 (author), posted 23 January 2008

> You remove them with HijackThis, yes. As r2d290 says.

OK, I almost figured that out when I poked around a bit. THANK YOU SO MUCH :-)))

The machine seems much faster and nicer now. PHEW, got away without the formatting and reinstallation hell.