MrBaboy Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 (endret) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:51:43, on 04.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\CTHELPER.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe C:\Programfiler\Lexmark X1100 Series\lxbkbmon.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe C:\Programfiler\Mamut Teamwork\Mamut Teamwork\Mamut Teamwork.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Webroot\Spy Sweeper\SSU.EXE C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Programfiler\NetProject\sbmdl.dll (file missing) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTXFIREG] C:\drivers\audio\addon\common\i386\CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DMXLauncher] "C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [EverioService] "C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mamut Teamwork.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.4.4.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lover-girl1992.spaces.live.com//Pho...ad/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138223154390 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://eurofoto.if.no/uploader/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.161.226.178:1111/activex/AMC.cab O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://adm.home.online.no/ewebeditpro2/ewebeditpro.cab O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 15023 bytes Endret 4. juni 2008 av MrBaboy Lenke til kommentar
InsertNumLock Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Du kan kjøre loggen gjennom her så kan du se hva som trenger å fikses. http://www.hijackthis.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Programfiler\NetProject\sbmdl.dll (file missing) O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) Lenke til kommentar
r2d290 Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 (endret) Jeg vil heller at du venter til en erfaren analytiker kommer og analyserer. kan nesten garantere deg at noe galt skjer hvis du prøver deg på egenhånd. edit: den gitte linken skal ikke brukes av nybegynnere, men den er ment som et hjelpemiddel til de som har god erfaring med å analysere logger... Endret 4. juni 2008 av r2d290 Lenke til kommentar
MrBaboy Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 (endret) Jeg tenker jeg venter ja... Når jeg selv sitter og kikker i loggen ser jeg noen ting som jeg vil tro at er helt unødvendig at kjører nå, eller jeg lurer på hvorfor de gjør/må gjøre det selv om jeg ikke bruker de tingene til noe nå. C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\CyberLink\Shared Files\RichVideo.exe C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe (F.eks. denne har med pragramvare til mitt videokamera, men det er ikke i bruk eller tilkoblet nå. Hvorfor er den i gang nå da?) C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\iPod\bin\iPodService.exe (Dette er ting jeg skjelden bruker, men er programmer som ligger her da.) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com (Tro hva disse er? ..hehe) O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray (Denne Nokia-saken bruker jeg skjelden og nesten aldri.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lover-girl1992.spaces.live.com//Pho...ad/MsnPUpld.cab ( I alle dager !!!!????) O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://adm.home.online.no/ewebeditpro2/ewebeditpro.cab (Hmmm....?) O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe (Sønnen min hadde lagt inn noe her til Ipod'n sin her for en god tid siden. Det har jeg også avinstallert igjen for lenge siden, men likevel er det noe Ipod-greier her!!??) Sikkert flere ting her som surrer som ikke trenger det eller absolutt ikke skulle være her, men jeg skjønner meg ikke på dette... Endret 4. juni 2008 av MrBaboy Lenke til kommentar
norbat Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Fix de linjene Hille lister opp. Hent deretter Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
MrBaboy Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 Har nå Lat HJT fixe de nevnte linjene og kjørt ComboFix. ComboFix LOG. WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url C:\Documents and Settings\Ofelia Leilani\Favoritter\Online Security Test.url . ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))) . 2008-06-04 09:50 . 2008-06-04 09:50 <DIR> d----c--- C:\Programfiler\Trend Micro 2008-06-03 21:38 . 2008-06-03 21:38 <DIR> d----c--- C:\Programfiler\Webroot 2008-06-03 21:38 . 2008-06-03 21:38 <DIR> d----c--- C:\Documents and Settings\Ofelia Leilani\Programdata\Webroot 2008-06-03 21:38 . 2008-06-03 21:38 <DIR> d----c--- C:\Documents and Settings\NetworkService\Programdata\Webroot 2008-06-03 21:38 . 2008-06-03 21:38 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\Webroot 2008-06-03 21:38 . 2008-01-04 20:56 1,526,640 --a--c--- C:\WINDOWS\WRSetup.dll 2008-06-03 21:38 . 2008-01-04 20:34 163,696 --a--c--- C:\WINDOWS\system32\drivers\ssidrv.sys 2008-06-03 21:38 . 2008-01-04 20:34 23,920 --a--c--- C:\WINDOWS\system32\drivers\sskbfd.sys 2008-06-03 21:38 . 2008-01-04 20:34 21,872 --a--c--- C:\WINDOWS\system32\drivers\sshrmd.sys 2008-06-03 21:38 . 2008-01-04 20:34 20,336 --a--c--- C:\WINDOWS\system32\drivers\SSFS0BB9.sys 2008-06-03 11:55 . 2008-06-04 09:01 <DIR> d----c--- C:\Programfiler\Panda Security 2008-06-03 11:22 . 2008-06-03 13:41 <DIR> d----c--- C:\WINDOWS\BDOSCAN8 2008-06-03 11:03 . 2008-06-03 11:03 <DIR> d----c--- C:\WINDOWS\system32\824223 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 09:03 --------- dc----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-06-04 08:23 --------- dc----w C:\Programfiler\Macrogaming 2008-06-04 06:37 --------- dc----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-06-03 11:59 --------- dc-h--w C:\Programfiler\InstallShield Installation Information 2008-06-03 06:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-03 06:35 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-06-03 06:35 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-03 06:35 10,671 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-06-03 06:35 --------- dc----w C:\Programfiler\Symantec 2008-05-22 07:53 --------- dc----w C:\Programfiler\Google 2008-05-14 16:01 --------- dc----w C:\Programfiler\Lexmark X1100 Series 2008-05-10 14:09 --------- dc----w C:\Programfiler\Fellesfiler\Adobe 2008-05-10 14:08 --------- dc----w C:\Documents and Settings\Ofelia Leilani\Programdata\AdobeUM 2008-04-29 12:23 --------- dc-h--r C:\Documents and Settings\Ofelia Leilani\Programdata\yahoo! 2008-04-29 12:23 --------- dc----w C:\Documents and Settings\Ofelia Leilani\Programdata\Lavasoft 2008-04-29 12:23 --------- dc----w C:\Documents and Settings\All Users\Programdata\yahoo! 2008-04-28 08:47 --------- dc----w C:\Programfiler\LimeWire 2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 -c--a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:11 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-25 05:51 316784 --a--c--- C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-03-13 10:16 116088 --a--c--- C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 05:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 14:00 33280 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2005-09-20 13:08 16384 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 07:07 19968 C:\WINDOWS\system32\CTXFIHLP.EXE] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264] "DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248] "CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00 45056] "VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 13:34 122880] "AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 20:25 49152] "CTXFIREG"="C:\drivers\audio\addon\common\i386\CTxfiReg.exe" [2005-11-11 07:07 36864] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936] "DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944] "Lexmark X1100 Series"="C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 17:06 57344] "EverioService"="C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 22:10 151552] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 06:53 714608] "SpySweeper"="C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\Ofelia Leilani\Start-meny\Programmer\Oppstart\ Mamut Teamwork.lnk - C:\Documents and Settings\Ofelia Leilani\Programdata\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2008-03-10 17:54:20 3638] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.MJPG"= Pvmjpg30.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2008-02-19 14:10 267048 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "C:\\Programfiler\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "C:\\Programfiler\\CyberLink\\PCM4Everio\\EverioService.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [] R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 12:53] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 12:49] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7921bbdb-14f4-11dd-89ca-0013720798c8}] \Shell\AutoRun\command - J:\laucher.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-02 21:39:14 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør full systemskanning - Ofelia Leilani.job" - C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-04 11:04:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="\"C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\"" . Completion time: 2008-06-04 11:06:04 ComboFix-quarantined-files.txt 2008-06-04 09:05:32 Pre-Run: 339,401,150,464 byte ledig Post-Run: 339,518,562,304 byte ledig 175 --- E O F --- 2008-05-27 22:36:30 Lenke til kommentar
norbat Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Hvordan kjører PC-en nå? Hva ligger i mappa: C:\WINDOWS\system32\824223 (skru på 'vis skjulte filer og mapper') Lenke til kommentar
MrBaboy Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 PC-en virker treg, men jeg vet ikke om den er tregere enn normalt. Jeg synes Norton Int. Security gjør maskinen utrolig treg. Har lyst til å bytte det med noe som ikke er så tungt, men vet ikke til hva enda. Har NIS gratis via telenor online, så derfor bruker jeg det. Får fortsatt ikke til å endre startsiden, og jeg finner ikke ut av dette som jeg sa i mitt innlegg i den andre tråden... at jeg ikke kjenner igjen beskrivelsen som ble gitt om hvordan man går inn i Norton for å løse problemet. Hmmm...finner ikke System32 blandt mappene i Windows. Bare "System". Er den skjult da? Hvordan får jeg opp skjulte filer og mapper? Ja, mange ting jeg ikke skjønner med PC...hehe Lenke til kommentar
MrBaboy Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 Fant C:\WINDOWS\system32\824223 med søk-funksjonen og når jeg åpnet mappen 824223 var det absolutt ingen ting som vistes der... Lenke til kommentar
norbat Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Det kan også være Spy Sweeper som sperrer for bytte av startside. Lenke til kommentar
MrBaboy Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 Det kan også være Spy Sweeper som sperrer for bytte av startside. Ja, det har du helt rett i gitt... Da er det problemet løst. Når kan jeg forvente tilbakemelding på mine logger? Lenke til kommentar
snippsat Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 (endret) Du har nok fått tilbakemelding. Norbat ville fjernet grums viss det var noe i combofix-loggen. Da er bra Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Jeg synes Norton Int. Security gjør maskinen utrolig treg.Har lyst til å bytte det med noe som ikke er så tungt, men vet ikke til hva enda. Har NIS gratis via telenor online, så derfor bruker jeg det. Skal du bytte bruker du denne Norton-Removal-Tool Et bra gratis oppsetter er avira + comodo http://www.free-av.com/ http://www.personalfirewall.comodo.com/ Endret 4. juni 2008 av SNIPPSAT Lenke til kommentar
r2d290 Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Og når du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full redigering. Øverst der emnetittelen diner, skriver du: [LØST] foran emnetittelen din. Eks: [LØST] Har fått virus på maskinen Lenke til kommentar
norbat Skrevet 4. juni 2008 Del Skrevet 4. juni 2008 Hadde det vært noe, hadde du fått beskjed. Men, ser at det kan være en litt diffus tilbakemelding Følg Snippsat sine råd til slutt. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå