snippsat, posted 22 March 2008 (edited 22 March 2008)
Not quite sure what you are doing. You may need to turn on "Show hidden files": Explorer -> Tools -> Folder Options -> View -> tick "Show hidden files and folders" and untick "Hide protected operating system files". Then you can see all files on the system. Make a new HJT log and we'll take a look.

saluttknall (author), posted 22 March 2008
There is nothing called Folder Options, either on the Tools menu or under Internet Options.

snippsat, posted 22 March 2008
Start -> My Computer. There you will find Tools on the top bar. Explorer is not Internet Explorer.

saluttknall (author), posted 22 March 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:27, on 22.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\video\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\OpScheduler.exe
c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programfiler\F-Secure Anti-Virus\fswsclds.exe
C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\System32\svchost.exe
C:\JAWS510\jfw.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\Programfiler\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\JAWS510\JHookLdr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Programfiler\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Programfiler\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Programfiler\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Advarsel.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: utlånsbetingelser.rtf (User 'SYSTEM')
O4 - .DEFAULT Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT Startup: utlånsbetingelser.rtf (User 'Default user')
O4 - .DEFAULT User Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT User Startup: utlånsbetingelser.rtf (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098953506825
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: c209f9drv - C:\WINDOWS\SYSTEM32\xmlst32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programfiler\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JFWService - Freedom Scientific BLV Group, LLC - C:\JAWS510\jfw.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8916 bytes

snippsat, posted 22 March 2008 (edited 22 March 2008)
No, now I wonder what you are up to. It is exactly the same. Have you done this? Start HijackThis, find these lines, tick them, then press Fix checked.
C:\WINDOWS\system32\drivers\video\services.exe
O4 - S-1-5-18 Startup: Advarsel.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: utlånsbetingelser.rtf (User 'SYSTEM')
O4 - .DEFAULT Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT Startup: utlånsbetingelser.rtf (User 'Default user')
O4 - .DEFAULT User Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT User Startup: utlånsbetingelser.rtf (User 'Default user')
O20 - Winlogon Notify: c209f9drv - C:\WINDOWS\SYSTEM32\xmlst32.dll
????????????
The log says you have "C:\WINDOWS\system32\drivers\video\services.exe". Can't you get this deleted with either Unlocker or move on boot?

saluttknall (author), posted 22 March 2008
Exactly. There seems to be something fishy about that file.

snippsat, posted 22 March 2008 (edited 22 March 2008)
Yes, there is something fishy, and that is why it should be removed. services.exe should only run from the System32 folder, nowhere else. What happens when you go to the file, right-click and choose Unlocker?

saluttknall (author), posted 22 March 2008
The same thing that happens with all other files. I get a choice between various options. Then I select the file, press delete, and everything is back to normal.

snippsat, posted 22 March 2008 (edited 22 March 2008)
Hmm, does this mean that you do as in the picture of Unlocker I posted, press OK, and the file does not go away?? I find it hard to believe that this happens with all files. When it says no locking handle, it should be possible to delete the file the good old way, with Delete.

saluttknall (author), posted 22 March 2008
No, that is where we get to the difference. Normally the file then goes away, but there is something about this file that means it does not go away.

saluttknall (author), posted 22 March 2008
It is not possible to use Delete when it says no action. When I choose Delete in the combo box, the OK button disappears, so I cannot use that function.

saluttknall (author), posted 22 March 2008
But that is what is so odd. Neither Delete nor the delete button in Unlocker works. When I try to use the delete button there, the OK button disappears, so it is not possible to choose anything there. Delete does not work, because otherwise I would have used it from the start and the problem would have been solved.

snippsat, posted 22 March 2008
Heh, I'll be damned. Turn off AVG, it may be holding on to the file (try with Unlocker now).
Boot, press F8 several times and choose Safe Mode. Try deleting it there. http://itpro.no/art/9467.html
Type:
Del C:\WINDOWS\system32\drivers\video\services.exe
Or else you will have to make a live OS CD. http://www.download.com/BartPE-Bootable-Li...tml?tag=lst-0-1

norbat, posted 22 March 2008
Alternative: download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
Files to delete:
C:\WINDOWS\SYSTEM32\xmlst32.dll
C:\WINDOWS\system32\drivers\video\services.exe
Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c209f9drv
Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. Feel free to post it. Then try running ComboFix again.

saluttknall (author), posted 22 March 2008
When I go into Unlocker and select the file and Delete, there is no longer an OK button I can press. It just disappears. If I had been able to use Delete, this would not have been a problem.

snippsat, posted 22 March 2008
"Delete does not work, because otherwise I would have used it from the start"
If you right-click the file and choose Delete, does nothing happen?

snippsat, posted 22 March 2008
Hi norbat, yes, Avenger may be the solution. This was a bit strange, I think.

fenderebest, posted 23 March 2008
Or just use the manual method.

saluttknall (author), posted 23 March 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:09, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\Opware14.exe
c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programfiler\F-Secure Anti-Virus\fswsclds.exe
C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\System32\svchost.exe
C:\JAWS510\jfw.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\Programfiler\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\JAWS510\JHookLdr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Programfiler\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Programfiler\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Programfiler\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Advarsel.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: utlånsbetingelser.rtf (User 'SYSTEM')
O4 - .DEFAULT Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT Startup: utlånsbetingelser.rtf (User 'Default user')
O4 - .DEFAULT User Startup: Advarsel.exe (User 'Default user')
O4 - .DEFAULT User Startup: utlånsbetingelser.rtf (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098953506825
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programfiler\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JFWService - Freedom Scientific BLV Group, LLC - C:\JAWS510\jfw.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8768 bytes
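
Added example, not part of the original thread: a Python sketch of the check snippsat states (services.exe should only run from System32) combined with a before/after comparison of the two HijackThis logs posted above. The log excerpts are shortened from the thread's logs; the allow-list, the function names and the assumption that Windows lives in C:\WINDOWS are this example's own.

```python
import ntpath
import re

# Core Windows XP processes and the one directory each should run from.
# Assumptions of this example: Windows is installed in C:\WINDOWS, and this
# short allow-list is illustrative, not complete.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis entry lines start with a section code such as "R0 - " or "O20 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Shortened excerpts of the two logs in this thread (not the full logs).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:27, on 22.03.2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\video\services.exe
C:\WINDOWS\Explorer.EXE
O4 - S-1-5-18 Startup: Advarsel.exe (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: c209f9drv - C:\WINDOWS\SYSTEM32\xmlst32.dll
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:09, on 23.03.2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
O4 - S-1-5-18 Startup: Advarsel.exe (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, coded entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False  # the first coded entry ends the process list
            entries.append(line)
        elif in_processes:
            processes.append(line)
    return processes, entries


def masquerading(processes):
    """Paths whose file name is a core system process in an unexpected folder."""
    hits = []
    for path in processes:
        directory, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            hits.append(path)
    return hits


def diff_logs(before, after):
    """Return (removed, added) lines between two logs, ignoring case."""
    index = lambda text: {i.lower(): i for part in parse_log(text) for i in part}
    b, a = index(before), index(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added


if __name__ == "__main__":
    print("Suspicious before:", masquerading(parse_log(LOG_BEFORE)[0]))
    print("Suspicious after: ", masquerading(parse_log(LOG_AFTER)[0]))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Gone in second log:", removed)
    print("New in second log: ", added)
```

The Advarsel.exe startup entry is present in both excerpts, so it does not appear in the diff.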