Grillkongen Posted 23 June 2008 (edited)

Hi! I followed norbat's four-step guide: https://www.diskusjon.no/index.php?showtopic=691246 to check whether I have spyware. Attached are the logs from SAS, ComboFix and HijackThis. I would really appreciate it if someone could look through them and tell me what I should do next!

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2008 at 02:56 PM
Application Version : 4.15.1000
Core Rules Database Version : 3487
Trace Rules Database Version: 1478
Scan type : Complete Scan
Total Scan Time : 00:15:07
Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 5390
Registry threats detected : 0
File items scanned : 18139
File threats detected : 2

Adware.Tracking Cookie
H:\Documents and Settings\Navnet mitt\Cookies\[email protected][2].txt
H:\Documents and Settings\Navnet mitt\Cookies\navnet_mitt@atdmt[1].txt

*I got the impression that these two files were quarantined and deleted.

ComboFix log:

ComboFix 08-06-20.4 - Navnet mitt 2008-06-23 15:00:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1467 [GMT 2:00]
Running from: H:\Documents and Settings\Navnet mitt\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 14:38 . 2008-06-23 14:38 <DIR> d-------- H:\Programfiler\SUPERAntiSpyware
2008-06-23 14:38 . 2008-06-23 14:38 <DIR> d-------- H:\Documents and Settings\Navnet mitt\Programdata\SUPERAntiSpyware.com
2008-06-23 14:38 . 2008-06-23 14:38 <DIR> d-------- H:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-23 14:33 . 2008-06-23 14:57 <DIR> dr-h----- H:\Documents and Settings\Navnet mitt\Siste
2008-06-22 17:36 . 2008-06-22 18:26 <DIR> d-------- H:\Programfiler\Bridge Building Game
2008-06-20 12:08 . 2008-06-20 12:08 268 --ah----- H:\sqmdata15.sqm
2008-06-20 12:08 . 2008-06-20 12:08 244 --ah----- H:\sqmnoopt15.sqm
2008-06-19 18:05 . 2008-06-19 18:05 <DIR> d-------- H:\WINDOWS\nvidia icons
2008-06-19 18:05 . 2008-05-02 22:46 182,347 --a------ H:\WINDOWS\system32\nvapps.nvb
2008-06-19 13:42 . 2008-06-19 13:44 <DIR> d-------- H:\WINDOWS\system32\Adobe
2008-06-12 22:51 . 2008-06-12 22:51 <DIR> d-------- H:\Documents and Settings\Stein Emilsen\Programdata\dvdcss
2008-06-11 19:31 . 2008-06-14 20:00 272,256 --------- H:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:31 . 2008-06-14 20:00 272,256 -----c--- H:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 21:18 . 2008-06-05 21:18 244 --ah----- H:\sqmnoopt14.sqm
2008-06-05 21:18 . 2008-06-05 21:18 232 --ah----- H:\sqmdata14.sqm
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-23 12:38 --------- d-----w H:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-23 12:33 --------- d-----w H:\Programfiler\Spybot - Search & Destroy
2008-06-23 12:33 --------- d-----w H:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-06-22 12:29 --------- d---a-w H:\Documents and Settings\All Users\Programdata\TEMP
2008-06-22 12:28 --------- d-----w H:\Programfiler\PokerStars
2008-06-20 13:51 --------- d-----w H:\Programfiler\Clue
2008-06-15 01:52 --------- d-----w H:\Programfiler\DC++
2008-06-04 23:42 --------- d-----w H:\Programfiler\Winamp
2008-05-29 00:41 10,022 --sha-w H:\WINDOWS\system32\KGyGaAvL.sys
2008-05-21 21:21 --------- d-----w H:\Programfiler\Windows Live Safety Center
2008-05-20 21:05 --------- d-----w H:\Programfiler\DivX
2008-05-18 20:40 --------- d-----w H:\Programfiler\PartyGaming
2008-05-18 19:25 --------- d-----w H:\Documents and Settings\Navnet mitt\Programdata\mIRC
2008-05-18 15:42 --------- d-----w H:\Programfiler\mIRC
2008-05-18 15:41 --------- d-----w H:\Documents and Settings\Navnet mitt\Programdata\uTorrent
2008-05-15 11:19 --------- d-----w H:\Programfiler\Audacity
2008-05-12 17:40 --------- d-----w H:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-05-11 20:14 --------- d-----w H:\Programfiler\Yahoo!
2008-05-11 20:06 --------- d-----w H:\Programfiler\Conduit
2008-05-11 20:02 --------- d-----w H:\Programfiler\yourglobaltv
2008-05-11 20:00 --------- d-----w H:\Documents and Settings\Navnet mitt\Programdata\Uniblue
2008-05-08 19:45 --------- d-----w H:\Programfiler\Fellesfiler\Synacast
2008-05-08 12:28 202,752 ----a-w H:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w H:\WINDOWS\system32\quartz.dll
2008-04-30 15:27 442,368 ----a-w H:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:22 826,368 ----a-w H:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w H:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w H:\WINDOWS\system32\msjint40.dll
2007-11-30 16:53 18,664 ----a-w H:\Documents and Settings\Navnet mitt\Programdata\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="H:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Power2GoExpress"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Steam"="d:\steam\steam.exe" [2008-05-18 22:48 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 H:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="H:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="H:\Programfiler\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="H:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 H:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="H:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="H:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="H:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="H:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

H:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - H:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= H:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
H:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 H:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= H:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 H:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 H:\Programfiler\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Programfiler\\mIRC\\mirc.exe"=
"H:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Steam\\SteamApps\\grillkongen\\counter-strike source\\hl2.exe"=
"D:\\steam\\Steam.exe"=
"D:\\Battlefield Vietnam\\bfvietnam.exe"=
"H:\\Programfiler\\uTorrent\\uTorrent.exe"=
"H:\\Programfiler\\Opera\\Opera.exe"=
"H:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"H:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"H:\\WINDOWS\\system32\\dpvsetup.exe"=
"H:\\Programfiler\\iTunes\\iTunes.exe"=
"D:\\steam\\steamapps\\grillkongen\\half-life\\hl.exe"=

R1 aswSP;avast! Self Protection;H:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 PciCon;PciCon;G:\PciCon.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 14:09:03 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- H:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 15:01:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-23 15:01:57
ComboFix-quarantined-files.txt 2008-06-23 13:01:52

Pre-Run: 10,986,401,792 byte ledig
Post-Run: 11,249,864,704 byte ledig

137 --- E O F --- 2008-06-20 10:21:54

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:40, on 23.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
H:\Programfiler\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programfiler\CyberLink\Shared Files\RichVideo.exe
H:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
H:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
H:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Programfiler\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
H:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
D:\steam\steam.exe
H:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
H:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
H:\Programfiler\iPod\bin\iPodService.exe
H:\Programfiler\Windows Live\Messenger\usnsvc.exe
H:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\WINDOWS\explorer.exe
H:\Programfiler\Opera\Opera.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Navnet mitt\Skrivebord\KapreDette\KapreDette.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] H:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] H:\Programfiler\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "d:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = H:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programfiler\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - H:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - H:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Programfiler\CyberLink\Shared Files\RichVideo.exe

-- End of file - 7908 bytes

Thanks in advance!

Edited 23 June 2008 by Grillkongen
norbat Posted 23 June 2008

You don't need to do anything other than carry on as you are, since the logs look fine.

You can let HJT fix the following lines:
(Start HJT, choose "Do a system scan only", put a check mark in front of the lines and click Fix checked)

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
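Added example, not part of the original thread: Python that picks out the kind of entries flagged in the reply above, HijackThis lines whose target is marked "(file missing)", and groups them by CLSID so that a toolbar button and its 'Tools' menu item are reported together. The sample lines are copied from the HijackThis log in this thread; the names `parse_line` and `orphaned_entries` are hypothetical and belong to this example only.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - H:\Programfiler\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: NBService - Nero AG - H:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# A HijackThis entry starts with a section code such as R0, O4, O9 or O23.
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_line(line):
    """Return a dict for one log entry, or None for headers and process paths."""
    line = line.strip()
    match = SECTION_RE.match(line)
    if not match:
        return None
    body = match.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    # When a CLSID is present, the target path is the text that follows it.
    target = body[clsid.end():].lstrip(" -") if clsid else None
    return {
        "section": match.group("section"),
        "clsid": clsid.group(0) if clsid else None,
        "target": target or None,
        "missing": missing,
        "raw": line,
    }


def orphaned_entries(log_text):
    """Group entries marked (file missing) by CLSID, in log order."""
    groups = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry["missing"]:
            continue
        key = entry["clsid"] or entry["raw"]
        group = groups.setdefault(key, {"target": entry["target"], "lines": []})
        group["lines"].append(entry["raw"])
    return groups


if __name__ == "__main__":
    for key, group in orphaned_entries(SAMPLE_LOG).items():
        print(key, group["target"], len(group["lines"]), "line(s)")
```
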
Grillkongen (author) Posted 23 June 2008

Thanks for a quick reply with good news! That was very kind of you.
r2d290 Posted 23 June 2008

You can choose to keep SAS, or uninstall it from Add/Remove Programs.

ComboFix must be uninstalled. Start -> Run -> type: combofix /u
This will uninstall the program, reset the System Restore folder, and delete the temporary files.

You can uninstall HijackThis: Start HijackThis and choose None of the above, just start the program. Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Ja/Yes. The program is now uninstalled.

It is important to use the latest version of Java, since earlier versions can contain security holes that will increase the likelihood of you getting infected again. It looks like your version of Java is outdated.

Updating Java:
Click the following link and download the newest version of Java (not beta): http://java.sun.com/javase/downloads/index.jsp
- Go to Start > Control Panel > Add/Remove Programs.
- Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.). All of these versions should have this image in front of them: Select all the ones you find, and click Remove.
- Then install the Java version you downloaded at the start.
Grillkongen (author) Posted 24 June 2008

Do I HAVE to uninstall ComboFix, or can it be allowed to stay? I'll get Java updated...
r2d290 Posted 24 June 2008

ComboFix gets updated often, so if you get infected some time later, you just download a new version. In any case you should not use ComboFix without expert help, so there is no point in keeping it.