CrazyTeddy Skrevet 17. februar 2008 Del Skrevet 17. februar 2008 (endret) hei, har noen småproblemer med PC-en etter at jeg har tatt full systemscan med Norton. kunne noen se på en hijackthis logg jeg nettop fikk etter scan. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:54:58, on 17.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedul2.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Shield\shdserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Shield\shieldclnt.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedhlp.exe C:\Programfiler\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe D:\Instalerte prog\iTunes\iTunesHelper.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Shield\shieldtray.exe C:\Programfiler\My Lockbox\flockbox.exe D:\Instalerte prog\Daemon Tools\daemon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe D:\Instalerte prog\SAS\SUPERAntiSpyware.exe D:\Instalerte prog\Regestry Clean\Registry Clean Expert\RCHelper.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\iPod\bin\iPodService.exe D:\Instalerte prog\Forskjellig Stuff\ZDConfig.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Ole.OLE-YAD6XT9R1VZ\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programfiler\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programfiler\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [iTunesHelper] "D:\Instalerte prog\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe O4 - HKLM\..\Run: [flockbox] C:\Programfiler\My Lockbox\flockbox.exe /a O4 - HKCU\..\Run: [DAEMON Tools] "D:\Instalerte prog\Daemon Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Instalerte prog\SAS\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [RegClean Expert Scheduler] "D:\Instalerte prog\Regestry Clean\Registry Clean Expert\RCHelper.exe" /startup O4 - HKCU\..\Run: [Update Service] C:\PROGRA~2\FELLES~1\TEKNUM~1\update.exe /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Wireless Config.lnk = D:\Instalerte prog\Forskjellig Stuff\ZDConfig.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Instalerte prog\SAS\SASWINLO.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\Instalerte prog\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\Instalerte prog\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 11166 bytes Noen som ser noe galt? har også "AppSvc32" som ligger å lurer men får den ikke bort. På forhånd takk Endret 17. februar 2008 av CrazyTeddy Lenke til kommentar
Aleksander- Skrevet 17. februar 2008 Del Skrevet 17. februar 2008 Nå er ikke jeg like flink som Norbat på disse loggene, men håper denne beskrivelsen her kan hjelpe, som forøvrig er hentet fra http://www.bleepingcomputer.com/tutorials/tutorial42.html R0, R1, R2, R3 Internet Explorer Start/Search pages URLs F0, F1, F2,F3 Auto loading programs N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs O1 Hosts file redirection O2 Browser Helper Objects O3 Internet Explorer toolbars O4 Auto loading programs from Registry O5 IE Options icon not visible in Control Panel O6 IE Options access restricted by Administrator O7 Regedit access restricted by Administrator O8 Extra items in the IE right-click menu O9 Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu O10 Winsock hijacker O11 Extra group in IE 'Advanced Options' window O12 IE plugins O13 IE Default Prefix hijack O14 'Reset Web Settings' hijack O15 Unwanted site in Trusted Zone O16 ActiveX Objects (aka Downloaded Program Files) O17 Lop.com/Domain Hijackers O18 Extra protocols and protocol hijackers O19 User style sheet hijack O20 AppInit_DLLs Registry value Autorun O21 ShellServiceObjectDelayLoad O22 SharedTaskScheduler O23 Windows XP/NT/2000 Services O24 Windows Active Desktop Components Dersom du finner noe du selv ikke liker, så er det bare å sette igang med de vanlige programmene, som spybot, adaware osv Så får vi bare vente til Norbat kommer med et fyldigere svar. Lenke til kommentar
CrazyTeddy Skrevet 17. februar 2008 Forfatter Del Skrevet 17. februar 2008 takk for svar! skjønte ikke så mye av den siden du ga meg ser du noen ting i loggen som ikke burde være der? Lenke til kommentar
r2d290 Skrevet 17. februar 2008 Del Skrevet 17. februar 2008 ikke bry deg om den beskjeden til aleksander, er ikke stort med info i den... skal se om jeg får tatt en titt på den... Lenke til kommentar
r2d290 Skrevet 17. februar 2008 Del Skrevet 17. februar 2008 (endret) start hjt, og sett hake foran følgende linjer før du trykker fix: O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) ellers, så er dataen min så treg at jeg ikke klarer å søke etter filene i loggen din... du får vente til noen andre kommer kan du beskrive hva problemet er? Endret 17. februar 2008 av r2d290 Lenke til kommentar
CrazyTeddy Skrevet 17. februar 2008 Forfatter Del Skrevet 17. februar 2008 takk for hjelp enda en gang! problemet mitt er at når jeg skrur på PC-en kjører Windows test av harddiskene selvom systemet skrudde seg av på riktig måte. Vanlighvis skjer dette bare etter en Bluescreen eller noe i den duren. vært borti dette før? vet evt hva problemet er? Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå