theboss22, posted 12 March 2008:
Damn this bloody computer!!! Some virus junk keeps popping up all the time telling me I should install this and that. There are several users on this machine, so God knows what they do with it. Programs like Files secure pop up. I try to delete it, but it just won't go!!!!! Hoping for a reasonably quick answer!! Thanks

Sokkalf™, posted 12 March 2008:
Maybe you should try to describe the problem properly instead of just throwing out a few frustrated words.

theboss22 (author), posted 12 March 2008:
> Maybe you should try to describe the problem properly instead of just throwing out a few frustrated words.
Hehe.. OK, let's see.. When I go on the internet, things pop up: system error or something like that. Also things saying I should install this antivirus program or that spyware program.. that sort of thing.. I have to get rid of it.. it comes up every time a new page is loaded!!!

snippsat, posted 12 March 2008:
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post.

theboss22 (author), posted 12 March 2008:
> Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:08, on 12.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe
C:\Programfiler\Ares\Ares.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Files-Secure\secure.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

--
End of file - 8048 bytes

snippsat, posted 12 March 2008:
Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt. Restart and post a new HijackThis log.

LysDiode, posted 12 March 2008:
Take a look at this one.
Regards, Pilarwiki aka diskusjonsgjest

theboss22 (author), posted 12 March 2008:
> Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt. Restart and post a new HijackThis log.

ComboFix 08-03-10.1 - Compaq_Eier 2008-03-12 16:19:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.101 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\GHYZWXAZ\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Eier\ResErrors.log
C:\WINDOWS\system32\drivers\dhlp.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DHLP
-------\LEGACY_FMTR
-------\dhlp

((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.
2008-03-12 16:06 . 2008-03-12 16:06 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-11 21:33 . 2008-03-11 21:33 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Printer Info Cache
2008-03-11 21:33 . 2008-03-11 21:40 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Image Zone Express
2008-03-11 17:19 . 2008-03-11 17:19 <DIR> d-------- C:\Programfiler\Files-Secure
2008-03-11 04:13 . 2008-03-11 04:13 220,672 --a------ C:\WINDOWS\wmpdxm.dll
2008-03-11 04:13 . 2008-03-11 04:13 50 --a------ C:\amp.bat
2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d-------- C:\WINDOWS\system32\Engines
2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d--hs---- C:\TopSalgAntivirus
2008-03-10 10:43 . 2008-03-11 04:36 <DIR> d-------- C:\Programfiler\TopSalgAntivirus
2008-03-09 09:58 . 2008-03-10 03:01 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-01 20:04 . 2008-03-01 20:04 2,193,024 --a------ C:\WINDOWS\system32\kernel1.exe
2008-03-01 20:04 . 2007-09-06 13:09 212 -rahs---- C:\BOOT.BKK
2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Programfiler\TGTSoft
2008-02-17 13:22 . 2008-02-17 13:22 <DIR> d-------- C:\Programfiler\SpyShredder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 09:43 --------- d-----w C:\Programfiler\Fellesfiler\TopSalgAntivirus
2008-03-10 09:40 252,432 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\install_no[1].exe
2008-02-11 22:55 19,584 ----a-w C:\WINDOWS\system32\drivers\wedmrcnn.dat
2008-02-09 22:32 --------- d-----w C:\Programfiler\MinneSparere
2008-02-08 17:40 --------- d-----w C:\Programfiler\IObit
2008-02-02 18:16 260,624 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\setup_no[1].exe
2008-01-31 11:47 --------- d-----w C:\Programfiler\Google
2008-01-30 13:49 --------- d-----w C:\Programfiler\Java
2007-12-10 21:42 1,346 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\wklnhst.dat
2007-01-01 12:43 1,600,864 ----a-w C:\Documents and Settings\Compaq_Eier\setup.exe
2004-02-04 18:53 24,070,405 ----a-w C:\Documents and Settings\Compaq_Eier\nero6303.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}]
2007-12-25 15:32 223232 --a------ C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}]
2007-12-25 15:39 1102848 --a------ C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E4503CE-5E52-41F9-A603-D63ED018CED5}]
2008-03-11 04:13 220672 --a------ C:\WINDOWS\wmpdxm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030}]
2008-03-05 23:30 98048 --a------ C:\WINDOWS\system32\atrac.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Programfiler\Ares\Ares.exe" [2007-05-14 23:37 964608]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Yahoo! Pager"="C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [ ]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 15:04 171448]
"NBJ"="C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]
"STYLEXP"="C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-01-01 15:27 180269]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
"ugac"="C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" [2007-08-21 14:11 151126]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Icatch(VI) SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2008-01-06 21:19:52 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Ares\\Ares.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\WebEye\\WebEye.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R0 yfkutzfn;yfkutzfn;C:\WINDOWS\system32\drivers\wedmrcnn.dat []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.ex
- C:\Programfiler\AdwareAlert
"2008-03-12 00:27:02 C:\WINDOWS\Tasks\Internett-tjenester.job"
- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 16:22:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yfkutzfn]
"ImagePath"="system32\drivers\wedmrcnn.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-03-12 16:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-12 15:24:18
.
2008-03-10 02:01:14 --- E O F ---

Hijackthis2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:25, on 12.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe
C:\Programfiler\Ares\Ares.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

--
End of file - 7976 bytes

anotherzen, posted 12 March 2008 (edited 12 March 2008 by anotherzen):
Back up everything that is important.
format c: -y
Reinstall everything and create separate user profiles.
Yarr, sorts it out in under 30 min.

theboss22 (author), posted 12 March 2008:
format c: -y ? What do you mean?

snippsat, posted 12 March 2008 (edited 12 March 2008 by SNIPPSAT):
Don't listen to anotherzen. We are in the middle of cleaning up now. You are not going to format. I am looking through the logs now and will come back with a solution.

snippsat, posted 12 March 2008:
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log c:\combofix

Folder::
C:\TopSalgAntivirus
C:\Programfiler\TopSalgAntivirus
C:\Programfiler\SpyShredder
C:\Programfiler\Fellesfiler\TopSalgAntivirus

File::
C:\WINDOWS\system32\atrac.dll

-----------------------------------------
Download, update and run a full scan with SAS free. Post the log. Restart and post a new HijackThis log.

radivx, posted 12 March 2008:
> Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post.
Congratulations! When HijackThis logs end up on high-traffic forums alongside words like virus, spyware and so on, it becomes impossible to search for actual spyware files, because e.g. W32.Sasser turns up together with notepad.exe just as often as with the actual virus/worm file. It is just as annoying every time to get forums that only have HijackThis logs and dead ends. I suggest to all readers that the next time HijackThis logs are needed, there is a feature called attachments.

snippsat, posted 12 March 2008 (edited 12 March 2008 by SNIPPSAT):
This is the advice: [1skjul]write the log file here[1/skjul], remove the 1 for hidden text.
<write the log file here>
Since many people have problems with attachments. This has been brought up a number of times in Antivirusprogrammer og datasikkerhet. I will include this as advice when I ask for logs.

theboss22 (author), posted 12 March 2008:
> Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log c:\combofix
>
> Folder::
> C:\TopSalgAntivirus
> C:\Programfiler\TopSalgAntivirus
> C:\Programfiler\SpyShredder
> C:\Programfiler\Fellesfiler\TopSalgAntivirus
>
> File::
> C:\WINDOWS\system32\atrac.dll
>
> -----------------------------------------
> Download, update and run a full scan with SAS free. Post the log. Restart and post a new HijackThis log.
Hi again. Now I can't find Combofix. It is gone. But I will at least scan with that spyware thing you gave me.

snippsat, posted 12 March 2008 (edited 12 March 2008 by SNIPPSAT):
> Download Combofix and put it on the desktop.
It should be on the desktop. If it is not there, download it and put it on the desktop.

theboss22 Skrevet 12. mars 2008 Forfatter Del Skrevet 12. mars 2008 Last Combofix ned ,legg på skrivebordet. Den skal ligge på skrivebordet. Er den ikke der last ned og legg på skrivebordet. her er nye loggen fra combofix: ComboFix 08-03-10.1 - Compaq_Eier 2008-03-12 18:27:56.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.111 [GMT 1:00] Running from: C:\Documents and Settings\Compaq_Eier\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Compaq_Eier\Skrivebord\cfscript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\atrac.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Fellesfiler\TopSalgAntivirus C:\Programfiler\Fellesfiler\TopSalgAntivirus\bm.exe C:\Programfiler\Fellesfiler\TopSalgAntivirus\ugac.exe C:\Programfiler\SpyShredder C:\Programfiler\TopSalgAntivirus C:\Programfiler\TopSalgAntivirus\Activate.exe C:\Programfiler\TopSalgAntivirus\al.dat C:\Programfiler\TopSalgAntivirus\Config\pgs.xml C:\Programfiler\TopSalgAntivirus\Dat\Activate.dat C:\Programfiler\TopSalgAntivirus\Dat\BkSites.dat C:\Programfiler\TopSalgAntivirus\Dat\bnlink.dat C:\Programfiler\TopSalgAntivirus\Dat\cd.dat C:\Programfiler\TopSalgAntivirus\Dat\incmp.dat C:\Programfiler\TopSalgAntivirus\Dat\index.dat C:\Programfiler\TopSalgAntivirus\Dat\pv.dat C:\Programfiler\TopSalgAntivirus\dhlp.dll C:\Programfiler\TopSalgAntivirus\Engines\AWBase\database\enemies.dat C:\Programfiler\TopSalgAntivirus\Engines\AWBase\vbpv.dat C:\Programfiler\TopSalgAntivirus\Engines\PGBase\vbpv.dat C:\Programfiler\TopSalgAntivirus\Engines\plugins\BORLNDMM.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANADWR.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANBCDR.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANDLDR.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANDOS1.DLL 
C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANEMUL.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANFUNC.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANKRNL.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANMCR1.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANOTHR.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANSCR.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANTOOL.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANTROJ.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANWIN1.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNACPU.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNADBX.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\unamscan.dll C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNMIME.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNPACK.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNPACKS.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNPACKS2.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\UNPEPACK.DLL C:\Programfiler\TopSalgAntivirus\Engines\plugins\vbpv.dat C:\Programfiler\TopSalgAntivirus\FWSettings.bin C:\Programfiler\TopSalgAntivirus\Graphics\cross.gif C:\Programfiler\TopSalgAntivirus\Graphics\ga6p.gif C:\Programfiler\TopSalgAntivirus\Graphics\kb.url C:\Programfiler\TopSalgAntivirus\Graphics\main.ico C:\Programfiler\TopSalgAntivirus\Graphics\mini.ico C:\Programfiler\TopSalgAntivirus\Graphics\Online.url C:\Programfiler\TopSalgAntivirus\Graphics\rm.url C:\Programfiler\TopSalgAntivirus\Graphics\support.ico C:\Programfiler\TopSalgAntivirus\Graphics\Support.url C:\Programfiler\TopSalgAntivirus\Graphics\uninstall.ico C:\Programfiler\TopSalgAntivirus\history.db C:\Programfiler\TopSalgAntivirus\LA\lapv.dat C:\Programfiler\TopSalgAntivirus\LA\License.rtf C:\Programfiler\TopSalgAntivirus\Logs C:\Programfiler\TopSalgAntivirus\main.log C:\Programfiler\TopSalgAntivirus\pgs.exe C:\Programfiler\TopSalgAntivirus\ptask.exe 

I'm going to run a scan with that virus thing you sent me, but it takes a really long time.. hmmm... should I run hijack through one more time now?

The new one from hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:21, on 12.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Ares\Ares.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg
--
End of file - 7649 bytes

Hoping to get this damn mess sorted out now.. hehe.. have to say thanks for all the help.. you're so helpful!

snippsat Posted March 12, 2008

Start HijackThis, find these lines, tick them, then press Fix checked.

O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files older than xx". Run the registry cleaner too.

Use the PC for a bit, then report back on whether the problem is gone.
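
An added example, not part of the original thread and not HijackThis's own code: a small Python parser that splits the eight lines selected in the post above into section, target and a few triage hints. The function names and the hint labels (`unnamed`, `remote-http`, `short-8.3-path`, `no-directory`) are assumptions of this example, not criteria stated by the poster.

```python
import re

# Section codes that occur in the eight selected lines; labels are descriptive.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O16": "ActiveX control (DPF)",
    "O24": "desktop component",
}
ENTRY = re.compile(r"^(O\d{1,2}) - (.+)$")

def parse_entry(line):
    """Split one HijackThis O-section line into code, kind, target and hints."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    # O4 puts the command after "[value name] "; other sections end in " - <file or URL>".
    target = body.split("] ", 1)[-1] if code == "O4" else body.rsplit(" - ", 1)[-1]
    notes = []  # triage hints: assumptions of this example, not HijackThis verdicts
    if "(no name)" in body:
        notes.append("unnamed")
    if target.lower().startswith("http://"):
        notes.append("remote-http")
    if re.search(r"~\d", target):
        notes.append("short-8.3-path")
    if code == "O4" and "\\" not in target:
        notes.append("no-directory")
    return {"code": code, "kind": SECTIONS.get(code, "other"), "target": target, "notes": notes}

def triage(log_text):
    """Parse every O-section line in a pasted log, skipping anything else."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

# The eight lines from the post above, copied verbatim.
SELECTED = r"""
O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg
"""

if __name__ == "__main__":
    for e in triage(SELECTED):
        print(e["code"], e["kind"], e["notes"], e["target"], sep=" | ")
```

The hints only sort entries for a human to review; an entry with no hint, such as the first O2 line, can still be one the helper chose to remove.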

snippsat Posted March 12, 2008

You don't have any antivirus software. A good free antivirus: http://www.free-av.com/

For spyware, keep using superantispyware, as it is very good.

Edited March 12, 2008 by SNIPPSAT

theboss22 Posted March 12, 2008 (Author)

> You don't have any antivirus software. A good free antivirus: http://www.free-av.com/ For spyware, keep using superantispyware, as it is very good.

Thank you so, so much!.. Everything works really well now.. I'm downloading a virus program now. But can I delete hijack and combofix now?