nasse222 Posted 18 February 2008 (edited)
Here is the HijackThis log file from my old machine, which I only use for surfing while the new one is working. But something is not right. I can't run Windows Update on it, and I can't open "Add or remove installed programs". Win2k, old PC, about 500 MHz, and 500 kb of memory, but good enough for surfing! Here is the log; do you see anything in it that looks wrong? I have run EVERYTHING in the way of antivirus, Ad-Aware, spyware tools and the like!!! Many thanks (!) for any help, since I actually use this machine quite a bit!
The log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:49, on 18.02.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\mshta.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122378996778
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
--------------------------------------------------------
End of file - 6390 bytes

ComboFix 08-02-18.1 - Administrator 18.02.2008 13:20:00.2 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1044.18.36 [GMT 1:00]
Running from: C:\Nytt\Fra 15Des07\ComboFixJan08.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-18 13:20 . 18.02.08 13:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3a0.dat
2008-02-14 19:01 . 19.06.03 21:05 30,768 --a------ C:\WINNT\system32\drivers\disk.sys
2008-02-14 18:56 . 01.08.06 19:43 19,080 --a------ C:\WINNT\system32\drivers\smimb.sys
2008-02-14 18:56 . 01.08.06 19:43 9,126 --a------ C:\WINNT\system32\drivers\smimbpdr.pdr
2008-02-13 17:04 . 13.02.08 17:03 691,545 --a------ C:\WINNT\unins000.exe
2008-02-13 17:04 . 13.02.08 17:04 3,451 --a------ C:\WINNT\unins000.dat
2008-01-24 02:50 . 24.01.08 08:51 19,872 --a------ C:\WINNT\system32\drivers\fwdrv.err
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 18:52 --------- d-----w C:\Programfiler\Sunbelt Software
2008-01-14 17:38 --------- d-----w C:\Programfiler\Avira
2008-01-14 17:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\Avira
2008-01-04 14:02 138,752 ----a-w C:\WINNT\system32\drivers\sp_rsdrv2.sys
2008-01-04 13:54 --------- d-----w C:\Programfiler\WinClamAVShield
2007-12-28 13:41 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2007-12-28 13:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-28 13:41 --------- d-----w C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com
2007-12-28 13:40 --------- d-----w C:\Programfiler\SpywareBlaster
2007-12-28 13:40 --------- d-----w C:\Programfiler\Spyware Terminator
2007-12-28 13:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spyware Terminator
2007-12-28 13:35 --------- d-----w C:\Programfiler\DVD Region+CSS Free
2007-12-28 13:33 --------- d-----w C:\Programfiler\CCleaner
2007-12-28 13:22 --------- d-----w C:\Programfiler\ACE Mega CoDecS Pack
2007-12-28 13:16 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-12-14 09:02 94,208 ----a-w C:\WINNT\ccuninst.exe
2007-12-03 03:16 53,084 ----a-w C:\Documents and Settings\Administrator\Favoritter.zip
2005-07-26 13:20 3,130,340 ----a-w C:\Programfiler\DCPlusPlus-0.674.exe
2005-05-17 16:15 37,299,961 ----a-w C:\Programfiler\nis2005.exe
2004-06-23 12:55 20,480 ----a-w C:\Programfiler\ProcManager.exe
2001-10-09 15:51 271 ---h--w C:\Programfiler\desktop.ini
2001-10-09 15:51 22,009 ---h--w C:\Programfiler\folder.htt
2000-02-13 21:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2002-01-20 22:05 0 --sha-w C:\WINNT\system32\mmf.sys
.
------- Sigcheck -------
"C:\WINNT\system32\svchost.exe"
----a-w 7,952 2000-02-13 21:00:00 C:\WINNT\system32\svchost.exe
----a-w 7,952 2000-02-13 22:00:00 C:\WINNT\system32\dllcache\svchost.exe
"C:\WINNT\system32\ws2_32.dll"
----a-w 69,904 2003-06-19 20:05:04 C:\WINNT\system32\ws2_32.dll
------w 69,904 2003-06-19 20:05:04 C:\WINNT\ServicePackFiles\i386\ws2_32.dll
"C:\WINNT\system32\drivers\ndis.sys"
----a-w 170,928 2003-06-19 20:05:04 C:\WINNT\system32\drivers\ndis.sys
------w 170,928 2003-06-19 20:05:04 C:\WINNT\ServicePackFiles\i386\ndis.sys
"C:\WINNT\explorer.exe"
----a-w 243,472 2003-06-19 20:05:04 C:\WINNT\explorer.exe
------w 243,472 2003-06-19 20:05:04 C:\WINNT\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19.06.03 21:05 111376 C:\WINNT\system32\mobsync.exe]
"LoadQM"="loadqm.exe" [03.05.00 17:23 7536 C:\WINNT\loadqm.exe]
"ecc"="C:\Programfiler\Telenor\ecc\ecc.exe" [14.12.05 20:27 286720]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [06.06.06 10:07 40960]
"SpywareTerminator"="C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe" [04.01.08 14:50 2834432]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [25.09.07 01:11 132496]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [14.01.08 19:04 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [13.02.00 22:00 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 19.04.07 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
R0 isdnlink;isdnlink;C:\WINNT\system32\DRIVERS\linkisdn.sys [16.10.00 12:06 ]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [04.01.08 15:02 ]
R1 VIAPFD;VIAPFD;C:\WINNT\system32\Drivers\VIAPFD.SYS [04.05.01 15:24 ]
R2 AtiBt829;WDM videoopptak for AIW (AtiBt829);C:\WINNT\system32\DRIVERS\AtiBt829.sys [21.10.99 23:09 ]
R2 ATITVAUDIO;ATI WDM TVAudio (ATITVSnd);C:\WINNT\system32\DRIVERS\atitvsnd.sys [21.10.99 23:09 ]
R2 ATIXBAR;ATI WDM Video Audio Crossbar (ATIXBar);C:\WINNT\system32\DRIVERS\atixbar.sys [21.10.99 23:09 ]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\System32\DRIVERS\DLPortIO.SYS [10.01.99 12:00 ]
R2 TVCC2000;TVCC2000;C:\WINNT\System32\Drivers\TVCC2000.SYS [28.12.00 15:45 ]
R3 ati2mpaa;ati2mpaa;C:\WINNT\system32\DRIVERS\ati2mpaa.sys [04.02.00 12:02 ]
R3 wanlink;wanlink;C:\WINNT\system32\DRIVERS\wanlink.sys [16.10.00 12:08 ]
R3 ZY760_2K;ZyXEL 802.11g XG762 1211 Driver;C:\WINNT\system32\DRIVERS\WlanUZ2K.sys [20.03.06 17:17 ]
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINNT\mmfs.dll,Service []
S3 EN1207D;Accton EN1207D/2242A Adapter Driver;C:\WINNT\system32\DRIVERS\ACC07D.SYS [16.04.01 11:38 ]
S3 GCR410P;GEMPLUS GCR410P seriell smartkortleser;C:\WINNT\system32\DRIVERS\gcr410p.sys [04.02.00 12:14 ]
S3 GEMSER;GEMSER;C:\WINNT\system32\DRIVERS\gemser.sys [12.09.02 10:45 ]
S3 S3Inc;S3Inc;C:\WINNT\system32\DRIVERS\s3sav4m.sys [25.10.99 23:35 ]
S3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys [26.11.99 12:43 ]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:22:48
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 18.02.2008 13:23:57
ComboFix2.txt 2007-12-28 12:54:50
ComboFix-quarantined-files.txt 2008-02-18 12:23:56
.
2007-12-22 15:47:05 --- E O F ---
Edited 18 February 2008 by nasse222

r2d290 Posted 18 February 2008
If you post a new HJT log, we will see what has disappeared after ComboFix.

nasse222 (Author) Posted 18 February 2008
OK, coming up

nasse222 (Author) Posted 18 February 2008
Here, then, is the new HijackThis log after running Combo:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:07, on 18.02.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\regsvc.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122378996778
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
--
End of file - 6230 bytes

snippsat Posted 18 February 2008
Start HijackThis, find these lines, tick them, then press Fix checked.
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
Run CCleaner + the registry cleaner.
Restart and post a new HJT log.

r2d290 Posted 18 February 2008
Tip: when you run CCleaner, you should:
Start the program.
Go to 'Options' -> 'Advanced'.
Untick the box in front of: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.

nasse222 (Author) Posted 18 February 2008
> Start HijackThis, find these lines, tick them, then press Fix checked.
> O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
> O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
> O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
> Run CCleaner + the registry cleaner.
> Restart and post a new HJT log.
Done as you said, and here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:50, on 18.02.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\regsvc.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122378996778
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
--
End of file - 5927 bytes

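Added example (not part of the thread, and not code from HijackThis or ComboFix): a Python sketch of the before/after comparison the helpers in this thread do by eye, parsing HijackThis entry lines and checking that the lines a helper asked to be fixed are gone and that nothing else changed. The function names are this example's own, and the sample text is a constructed subset of lines copied from the second and third logs above.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0, O4, O16, O23, ...),
# then " - ", then the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample: a subset of lines copied from the logs in this thread
# (elided URLs are kept exactly as the forum shows them).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:07, on 18.02.2008
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:50, on 18.02.2008
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
"""

# The three lines the helper asked to be ticked and fixed.
REQUESTED = [
    r"O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')",
    r"O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab",
    r"O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB",
]


def parse_entries(log_text):
    """Return (section, text) tuples for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_entries(before_text, after_text):
    """Return (removed, added) entries, keeping duplicates and log order."""
    before = Counter(parse_entries(before_text))
    after = Counter(parse_entries(after_text))
    removed = list((before - after).elements())
    added = list((after - before).elements())
    return removed, added


def check_fix(before_text, after_text, requested_lines):
    """Compare what was asked to be fixed with what actually changed."""
    requested = parse_entries("\n".join(requested_lines))
    removed, added = diff_entries(before_text, after_text)
    remaining = parse_entries(after_text)
    return {
        # Requested fixes that did not take (entry came back or was missed).
        "still_present": [e for e in requested if e in remaining],
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unrequested": [e for e in removed if e not in requested],
        # Entries that are new since the previous log; always worth a look.
        "new_entries": added,
    }


if __name__ == "__main__":
    for key, entries in check_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{key}: {len(entries)}")
        for section, text in entries:
            print(f"  {section} - {text}")
```
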
r2d290 Posted 18 February 2008
The log looks fine. How are the problems?

snippsat Posted 18 February 2008
Yes, the log looks fine.
If you don't notice any problems, do this:
You can remove ComboFix by typing combofix /u in the Run window.
This command causes files and backups to be deleted, the System Restore folder to be reset, etc.

nasse222 (Author) Posted 18 February 2008 (edited)
> Yes, the log looks fine.
> If you don't notice any problems, do this:
> You can remove ComboFix by typing combofix /u in the Run window.
> This command causes files and backups to be deleted, the System Restore folder to be reset, etc.
OK, cool, thanks for the tip!
No, the problems are the same as I described in the first post. D*mn!!!!
Edited 18 February 2008 by nasse222

r2d290 Posted 18 February 2008
Then this thread should probably be moved to "The computer doesn't work"?

snippsat Posted 18 February 2008 (edited)
Then it is probably something other than a virus, yes.
> I can't run Windows Update on it
It is an old Windows version, after all; could be some registry trouble.
> can't open "Add or remove installed programs"
CCleaner has this function.
What you can try is creating a new user. Log on to it and see if that helps.
Check that the system files are intact.
Click Start > Run > type: sfc /scannow
Remember that there must be a space after sfc.
In connection with this repair you may be met with a message that you should insert your Windows XP CD
Edited 18 February 2008 by SNIPPSAT

nasse222 (Author) Posted 18 February 2008
How do I remove/uninstall Windows Update and install it again? I can't find WinUpdate under installed programs, not even in CCleaner..?

snippsat Posted 18 February 2008
Windows Update happens online.
Internet Explorer -> Tools -> Windows Update
Installs the update software -> checks the Windows version -> the update starts.
Try creating a new user and log on to it. See if it works better there.