Datasmurfen Skrevet 28. juni 2008 Del Skrevet 28. juni 2008 (endret) Har fått opp noen feilmeldinger som kommer når jeg starter pcen! Disse kan leses i vedlegget som følger med emnet.. Kan noen hjelpe meg?? Endret 28. juni 2008 av Oddy26 Lenke til kommentar
snillekim Skrevet 28. juni 2008 Del Skrevet 28. juni 2008 Har du tømt temp-mappa i det siste? Eller brukt systemopprydning? Lenke til kommentar
Anders Moen Skrevet 28. juni 2008 Del Skrevet 28. juni 2008 Meldingene betyr at de filene er borte. Mest sannsynlig et virus/trojaner eller noe som har slettet filene eller noe sånt..tror jeg - iallfall det som har skjedd hver gang jeg har fått noe virus Lenke til kommentar
Datasmurfen Skrevet 28. juni 2008 Forfatter Del Skrevet 28. juni 2008 (endret) Har du tømt temp-mappa i det siste?Eller brukt systemopprydning? Hvor finner jeg systemopprydning? EDIT: Hva bør jeg gjøre for å fikse opp i dette? Endret 28. juni 2008 av Oddy26 Lenke til kommentar
norbat Skrevet 29. juni 2008 Del Skrevet 29. juni 2008 Meldingene du får skyldes noen registeroppføringer som ikke er slettet etter at filene (som forøvrig er knyttet til en Vundo-infeksjone) er fjernet. Det du skal gjøre er å kjøre combofix og poste loggen den lager: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
Datasmurfen Skrevet 29. juni 2008 Forfatter Del Skrevet 29. juni 2008 ComboFix 08-06-20.4 - Eier 2008-06-29 12:02:06.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1686 [GMT 2:00] Running from: C:\Users\Eier\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\KBL.LOG . ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))) . 2008-06-28 22:29 . 2008-06-28 23:12 <DIR> d-------- C:\Users\Eier\AppData\Roaming\LimeWire 2008-06-28 22:25 . 2008-06-28 22:25 <DIR> d-------- C:\Program Files\LimeWire 2008-06-21 20:43 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\System32\D3DCompiler_34.dll 2008-06-21 20:43 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\System32\d3dx10_34.dll 2008-06-21 20:43 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\System32\xactengine2_8.dll 2008-06-21 20:43 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\System32\x3daudio1_2.dll 2008-06-21 20:41 . 2008-06-21 21:07 107,832 --a------ C:\WINDOWS\System32\PnkBstrB.exe 2008-06-21 20:41 . 2008-06-21 21:00 66,872 --a------ C:\WINDOWS\System32\PnkBstrA.exe 2008-06-21 20:41 . 2008-06-21 21:07 22,328 --a------ C:\WINDOWS\System32\drivers\PnkBstrK.sys 2008-06-21 20:41 . 2008-06-21 20:41 22,328 --a------ C:\Users\Eier\AppData\Roaming\PnkBstrK.sys 2008-06-21 20:41 . 2008-06-21 20:41 319 --a------ C:\WINDOWS\game.ini 2008-06-21 20:11 . 2008-06-21 20:11 <DIR> d-------- C:\Program Files\Activision 2008-06-18 16:02 . 2008-06-27 21:03 <DIR> d-------- C:\Users\Eier\AppData\Roaming\dvdcss 2008-06-17 12:29 . 2008-06-17 12:29 <DIR> d-------- C:\Program Files\Rockstar Games 2008-06-15 21:08 . 2008-06-15 21:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-15 21:05 . 2008-06-15 21:05 717,296 --a------ C:\WINDOWS\System32\drivers\sptd.sys 2008-06-15 21:04 . 2008-06-15 21:04 <DIR> d-------- C:\Users\Eier\AppData\Roaming\DAEMON Tools 2008-06-14 20:41 . 2008-06-14 20:41 <DIR> d-------- C:\Users\Eier\Shared 2008-06-14 20:41 . 2008-06-22 15:50 <DIR> d-------- C:\Program Files\MP3 Rocket 2008-06-13 09:53 . 2008-06-13 09:53 <DIR> d-------- C:\Program Files\MAIET 2008-06-12 16:33 . 2008-06-12 17:04 <DIR> d-------- C:\Users\Eier\AppData\Roaming\TeamViewer 2008-06-12 16:32 . 2008-06-23 21:11 <DIR> d-------- C:\Users\Eier\temp 2008-06-12 11:36 . 2008-06-12 11:42 <DIR> d-------- C:\Program Files\Valve 2008-06-11 10:48 . 2008-06-11 10:51 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 2008-06-11 10:29 . 2008-06-12 12:31 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-11 10:24 . 2008-06-29 11:56 <DIR> d-------- C:\WINDOWS\System32\drivers\Avg 2008-06-11 10:24 . 2008-06-11 10:24 96,520 --a------ C:\WINDOWS\System32\drivers\avgldx86.sys 2008-06-11 10:24 . 2008-06-11 10:24 67,080 --a------ C:\WINDOWS\System32\drivers\avgwfpx.sys 2008-06-11 10:24 . 2008-06-11 10:24 10,520 --a------ C:\WINDOWS\System32\avgrsstx.dll 2008-06-11 10:23 . 2008-06-11 10:23 <DIR> d-------- C:\Users\All Users\avg8 2008-06-11 10:23 . 2008-06-11 10:23 <DIR> d-------- C:\ProgramData\avg8 2008-06-11 10:23 . 2008-06-11 10:23 <DIR> d-------- C:\Program Files\AVG 2008-06-11 08:50 . 2008-04-23 06:27 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll 2008-06-11 08:50 . 2008-04-23 06:27 428,032 --a------ C:\WINDOWS\System32\EncDec.dll 2008-06-11 08:50 . 2008-04-23 06:27 292,352 --a------ C:\WINDOWS\System32\psisdecd.dll 2008-06-11 08:50 . 2008-04-23 06:26 218,624 --a------ C:\WINDOWS\System32\psisrndr.ax 2008-06-11 08:50 . 2008-04-23 06:26 80,896 --a------ C:\WINDOWS\System32\MSNP.ax 2008-06-11 08:50 . 2008-04-23 06:26 68,608 --a------ C:\WINDOWS\System32\Mpeg2Data.ax 2008-06-11 08:50 . 2008-04-23 06:26 57,856 --a------ C:\WINDOWS\System32\MSDvbNP.ax 2008-06-11 08:44 . 2008-04-29 03:42 220,160 --a------ C:\WINDOWS\System32\drivers\bthport.sys 2008-06-11 08:44 . 2008-04-29 05:50 181,760 --a------ C:\WINDOWS\System32\fsquirt.exe 2008-06-11 08:44 . 2008-04-29 03:42 29,184 --a------ C:\WINDOWS\System32\drivers\BTHUSB.SYS 2008-06-11 08:44 . 2008-04-29 03:42 19,456 --a------ C:\WINDOWS\System32\drivers\bthenum.sys 2008-06-11 08:24 . 2008-06-11 08:29 <DIR> d-------- C:\Users\All Users\Lavasoft 2008-06-11 08:24 . 2008-06-11 08:29 <DIR> d-------- C:\ProgramData\Lavasoft 2008-06-11 08:24 . 2008-06-11 08:24 <DIR> d-------- C:\Program Files\Lavasoft 2008-06-11 08:23 . 2008-06-11 08:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-10 22:28 . 2008-06-10 22:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-06-10 21:27 . 2008-06-10 21:46 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-06-10 21:27 . 2008-06-10 21:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-06-10 21:27 . 2008-06-10 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-09 21:27 . 2008-06-09 21:28 <DIR> d-------- C:\Program Files\Notepad++ 2008-06-09 21:17 . 2008-06-09 21:19 <DIR> d-------- C:\wamp 2008-06-09 13:12 . 2008-06-09 13:12 <DIR> d-------- C:\Users\Eier\Incomplete 2008-06-09 13:11 . 2008-06-22 15:50 <DIR> d-------- C:\Users\Eier\AppData\Roaming\MP3Rocket 2008-06-09 12:41 . 2008-06-09 12:41 <DIR> d-------- C:\Users\All Users\Messenger Plus! 2008-06-09 12:41 . 2008-06-09 12:41 <DIR> d-------- C:\ProgramData\Messenger Plus! 2008-06-09 12:01 . 2008-06-09 12:01 <DIR> d-------- C:\Users\Eier\AppData\Roaming\SmartFTP 2008-06-09 12:00 . 2008-06-09 12:00 <DIR> d-------- C:\Program Files\SmartFTP Client 2008-06-09 11:59 . 2008-06-09 11:59 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-06-09 10:09 . 2008-06-09 10:09 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-06-08 23:02 . 2008-06-08 23:02 <DIR> d-------- C:\Users\All Users\LightScribe 2008-06-08 23:02 . 2008-06-08 23:02 <DIR> d-------- C:\ProgramData\LightScribe 2008-06-08 22:53 . 2008-06-08 22:53 <DIR> d-------- C:\Users\Eier\AppData\Roaming\HP 2008-06-08 22:53 . 2008-06-09 12:47 <DIR> d-------- C:\Users\Eier\AppData\Roaming\CyberLink 2008-06-08 22:53 . 2008-06-08 22:53 <DIR> d-------- C:\Users\All Users\HP 2008-06-08 22:53 . 2008-06-08 22:53 <DIR> d-------- C:\ProgramData\HP 2008-06-08 22:48 . 2008-06-08 22:48 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music 2008-06-08 22:43 . 2008-06-08 22:43 <DIR> d-------- C:\Users\Eier\AppData\Roaming\vlc 2008-06-08 22:42 . 2008-06-08 22:42 <DIR> d-------- C:\Program Files\VideoLAN 2008-06-08 22:39 . 2008-06-24 19:45 <DIR> d-------- C:\Users\Eier\AppData\Roaming\uTorrent 2008-06-08 22:39 . 2008-06-08 22:39 <DIR> d-------- C:\Program Files\uTorrent 2008-06-07 10:46 . 2008-06-07 10:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-07 10:45 . 2008-06-07 10:45 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-06-07 10:45 . 2008-06-07 10:45 <DIR> d-------- C:\ProgramData\WLInstaller 2008-06-07 10:45 . 2008-06-09 10:09 <DIR> d-------- C:\Program Files\Windows Live 2008-06-06 19:08 . 2008-06-28 22:31 <DIR> d-------- C:\Users\Eier\AppData\Roaming\mIRC 2008-06-06 19:08 . 2008-06-22 11:39 <DIR> d-------- C:\Program Files\mIRC 2008-06-06 15:12 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\System32\drivers\COH_Mon.sys 2008-06-06 15:12 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\System32\drivers\COH_Mon.cat 2008-06-06 15:12 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\System32\drivers\COH_Mon.inf 2008-06-05 15:46 . 2007-07-12 02:49 186,256 --a------ C:\WINDOWS\System32\SymNPPWA.dll 2008-06-04 22:42 . 2008-06-04 22:42 <DIR> d-------- C:\Users\Eier\AppData\Roaming\PeerNetworking 2008-06-04 21:24 . 2008-06-26 23:52 66,160 --a------ C:\Users\Eier\AppData\Roaming\nvModes.dat 2008-06-04 13:39 . 2008-06-04 13:39 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll 2008-06-04 13:39 . 2008-06-04 13:39 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys 2008-06-04 13:38 . 2008-06-04 13:38 8,147,968 --a------ C:\WINDOWS\System32\wmploc.DLL 2008-06-04 13:38 . 2008-06-04 13:38 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys 2008-06-04 13:38 . 2008-06-04 13:38 356,864 --a------ C:\WINDOWS\System32\MediaMetadataHandler.dll 2008-06-04 13:38 . 2008-06-04 13:38 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys 2008-06-04 13:38 . 2008-06-04 13:38 7,680 --a------ C:\WINDOWS\System32\spwmp.dll 2008-06-04 13:38 . 2008-06-04 13:38 4,096 --a------ C:\WINDOWS\System32\msdxm.ocx 2008-06-04 13:38 . 2008-06-04 13:38 4,096 --a------ C:\WINDOWS\System32\dxmasf.dll 2008-06-04 13:36 . 2008-06-04 13:36 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys 2008-06-04 13:36 . 2008-06-04 13:36 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys 2008-06-04 13:36 . 2008-06-04 13:36 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll 2008-06-04 13:36 . 2008-06-04 13:36 24,064 --a------ C:\WINDOWS\System32\netcfg.exe 2008-06-04 13:36 . 2008-06-04 13:36 22,016 --a------ C:\WINDOWS\System32\netiougc.exe 2008-06-04 13:35 . 2008-06-04 13:35 1,585,664 --a------ C:\WINDOWS\System32\setupapi.dll 2008-06-04 13:33 . 2008-06-04 13:33 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys 2008-06-04 13:33 . 2008-06-04 13:33 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll 2008-06-04 13:33 . 2008-06-04 13:33 296,448 --a------ C:\WINDOWS\System32\gdi32.dll 2008-06-04 13:33 . 2008-06-04 13:33 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL 2008-06-04 13:33 . 2008-06-04 13:33 84,480 --a------ C:\WINDOWS\System32\INETRES.dll 2008-06-04 13:33 . 2008-06-04 13:33 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL 2008-06-04 13:33 . 2008-06-04 13:33 2,048 --a------ C:\WINDOWS\System32\asferror.dll 2008-06-04 13:32 . 2008-06-04 13:32 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe 2008-06-04 13:31 . 2008-06-04 13:31 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll 2008-06-04 13:31 . 2008-06-04 13:31 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll 2008-06-04 13:31 . 2008-06-04 13:31 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys 2008-06-04 13:31 . 2008-06-04 13:31 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys 2008-06-04 13:31 . 2008-06-04 13:31 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys 2008-06-04 13:31 . 2008-06-04 13:31 83,968 --a------ C:\WINDOWS\System32\dnsrslvr.dll 2008-06-04 13:31 . 2008-06-04 13:31 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys 2008-06-04 13:31 . 2008-06-04 13:31 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe 2008-06-04 13:30 . 2008-06-04 13:30 788,992 --a------ C:\WINDOWS\System32\rpcrt4.dll 2008-06-04 13:29 . 2008-06-04 13:29 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-06-04 13:27 . 2008-06-04 13:27 2,048 --a------ C:\WINDOWS\System32\tzres.dll 2008-06-04 13:08 . 2008-06-04 13:08 16 --a------ C:\WINDOWS\System32\coh.cache 2008-06-04 13:03 . 2008-06-04 13:03 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll 2008-06-04 13:03 . 2008-06-04 13:03 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll 2008-06-04 13:03 . 2008-06-04 13:03 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe 2008-06-04 13:03 . 2008-06-04 13:03 43,352 --a------ C:\WINDOWS\System32\wups2.dll 2008-06-04 13:01 . 2008-06-04 13:01 549,720 --a------ C:\WINDOWS\System32\wuapi.dll 2008-06-04 13:01 . 2008-06-04 13:01 80,896 --a------ C:\WINDOWS\System32\wudriver.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-26 15:56 --------- d-----w C:\ProgramData\Symantec 2008-06-22 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-11 08:13 --------- d-----w C:\Program Files\Windows Mail 2008-06-05 13:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-04 19:43 --------- d-----w C:\ProgramData\CyberLink 2008-06-04 11:46 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-04 11:37 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2008-06-04 11:34 944,184 ----a-w C:\Windows\System32\winload.exe 2008-06-04 11:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-04 11:31 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-06-04 11:31 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-06-04 11:31 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-06-04 11:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-04 09:22 --------- d-----w C:\ProgramData\NVIDIA 2008-06-04 09:01 --------- d-----w C:\Program Files\HPQ 2008-06-04 09:01 --------- d-----w C:\Program Files\HP 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Templates 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Start Menu 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Favorites 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Documents 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Desktop 2008-06-04 08:50 --------- d-sh--w C:\ProgramData\Application Data 2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe 2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys 2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-11-09 07:14 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-04 13:32 1232896] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\WINDOWS\System32\oobefldr.dll] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 05:34 181544] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-20 00:31 202032] "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 23:54 554320] "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 09:13 218408] "DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 21:12 671744] "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 18:47 480560] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 01:53 311296] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 14:00 132496] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-11 10:23 1177368] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 23:09:54 727592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{561D6B36-CA40-4E50-B060-E822986DBEB2}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{A6C2D3AB-BA27-4472-964A-C374B52BE1B0}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{5EFF5504-60F4-4DCB-8775-772F2D5BE37B}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{EA5077F2-2E55-4952-9144-00C9E9EC6BD5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{2DDDF958-36C8-47F5-95EE-692C7A9F5D5A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{AE62D3D3-F58B-4920-9D11-94955BEF6197}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{32BBC58D-1AD0-4053-A439-92ED4F91E5C4}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{22713CAD-C0ED-459B-B93F-E1F5FB3AF69F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC "TCP Query User{E210CEA1-CCD3-42E1-8F14-2035508DA552}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{79D4B513-854F-47A5-B7BB-CB7F4D750D81}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC "{762F05E9-737B-461E-AB81-EFDAE2D0A958}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{AE90D4FB-7CCE-4797-9EB4-48C70071E990}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{8C7A45B3-480B-44E1-9FFF-A23A1BBB2733}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client "{EF939190-FC66-4D2B-B9FE-D814D74AC0F0}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client "TCP Query User{214241EA-6357-4B62-88BB-376BE99D3941}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{48833FA0-9529-4301-B57C-8A09DA13FFDD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{6DF1D04F-9739-4B5B-9214-BD385570C31B}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "UDP Query User{45C40F5E-07C6-4920-813C-69865E272542}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "TCP Query User{915F79AB-EBFA-4B07-A245-CF4E0A618D4E}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server "UDP Query User{F50CF0A0-DB92-4959-9020-A49063666261}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server "{AD251D4C-6D36-4826-B87A-89FFB1758AF6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{C0C01739-9CE3-4426-9698-09152924A3CC}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe "TCP Query User{6B314F3B-388B-4826-A084-2B95163B8ACD}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "UDP Query User{7E1F5E26-F68E-4C64-90C3-2A5EE2D0D88B}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "TCP Query User{42B2AE7E-4599-492A-A675-DAE785DD5FE6}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher "UDP Query User{2964C3E7-7684-4B4C-9E52-6158A101AFE8}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher "TCP Query User{1952CF4F-639B-4A55-A7CD-2E3FB563D744}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "UDP Query User{BFCD29DD-B676-44E4-BB69-D5B4FA64A5CD}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "TCP Query User{6BBAE909-128A-43A1-BC11-8D3522CFAF1B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{8815665E-37A7-4AC6-80D8-E88169EFB677}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{55410A02-0ABC-4F59-ADBB-B14D6FEBED02}"= UDP:C:\WINDOWS\System32\PnkBstrA.exe:PnkBstrA "{B77F65D3-9DF6-4209-A7DA-FA9E30506889}"= TCP:C:\WINDOWS\System32\PnkBstrA.exe:PnkBstrA "{AD28024C-A225-41D9-95A8-70A5E9F9D147}"= UDP:C:\WINDOWS\System32\PnkBstrB.exe:PnkBstrB "{92370F73-F082-47EF-B6C1-AFD240F08C0C}"= TCP:C:\WINDOWS\System32\PnkBstrB.exe:PnkBstrB "{FFFB4690-2902-473E-B7A1-699C369483C8}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare "{F3935D21-C718-4F33-8BED-FABE3A8B1FDB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare "TCP Query User{9AAFD13C-D3F3-4DFA-ABBF-C21775ADAB12}C:\\users\\eier\\desktop\\age of empires\\age of empires 1 + expansion [hexman]\\age of empires\\empiresx.exe"= UDP:C:\users\eier\desktop\age of empires\age of empires 1 + expansion [hexman]\age of empires\empiresx.exe:empiresx.exe "UDP Query User{36889F2B-C2C0-4DEB-9C9E-23054BF9C586}C:\\users\\eier\\desktop\\age of empires\\age of empires 1 + expansion [hexman]\\age of empires\\empiresx.exe"= TCP:C:\users\eier\desktop\age of empires\age of empires 1 + expansion [hexman]\age of empires\empiresx.exe:empiresx.exe "TCP Query User{914D50B4-145D-48AC-8F89-023B1008A510}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{772BB363-CF2B-41B5-8A78-AC68D04A8BCD}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-11 10:24] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-06-03 16:58] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-11 10:23] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-11 10:23] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 05:34] R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 05:34] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-11 10:24] R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 15:12] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 15:12] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 15:12] R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 20:30] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 00:32] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \shell\AutoRun\command - wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a3818ff-3f9a-11dd-91f4-001e37a11594}] \shell\ar32e301\command - G:\goodies\ar32e301.exe \shell\AutoRun\command - G:\AOESETUP.EXE /autorun \shell\directx\command - G:\DirectX\dxsetup.exe \shell\dplay\command - G:\DirectX\dplay60a.exe \shell\dxdiag\command - G:\DirectX\dxdiag.exe \shell\dxinfo\command - G:\DirectX\dxinfo.exe \shell\dxtest\command - G:\goodies\DirectX\dx5test.exe \shell\dxtool\command - G:\goodies\DirectX\dxtool.exe \shell\msinfo\command - G:\goodies\msinfo\msinfo32.exe \shell\sampler\command - G:\Sampler\Sampler.exe \shell\setup\command - G:\AOESETUP.EXE /autorun \shell\zone\command - G:\sampler\demos\zone\zoneA501.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e99924b-3b0e-11dd-80e0-001e37a11594}] \shell\ar32e301\command - F:\goodies\ar32e301.exe \shell\AutoRun\command - F:\AOESETUP.EXE /autorun \shell\directx\command - F:\DirectX\dxsetup.exe \shell\dplay\command - F:\DirectX\dplay60a.exe \shell\dxdiag\command - F:\DirectX\dxdiag.exe \shell\dxinfo\command - F:\DirectX\dxinfo.exe \shell\dxtest\command - F:\goodies\DirectX\dx5test.exe \shell\dxtool\command - F:\goodies\DirectX\dxtool.exe \shell\msinfo\command - F:\goodies\msinfo\msinfo32.exe \shell\sampler\command - F:\Sampler\Sampler.exe \shell\setup\command - F:\AOESETUP.EXE /autorun \shell\zone\command - F:\sampler\demos\zone\zoneA501.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa2a170-33da-11dd-8eb8-001e37a11594}] \shell\AutoRun\command - wd_windows_tools\setup.exe *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-06-11 06:45:25 C:\Windows\Tasks\SpyHunter Scanner.job" - C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 12:10:36 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-06-29-30a7.kc scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\System32\audiodg.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\wlanext.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\PnkBstrA.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\drivers\XAudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\System32\conime.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LUALL.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\WINDOWS\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-06-29 12:18:29 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-29 10:18:03 Pre-Run: 131,800,268,800 byte ledig Post-Run: 131,676,327,936 byte ledig 375 --- E O F --- 2008-06-26 15:43:30 Var det alt dette du ville ha?? Lenke til kommentar
norbat Skrevet 29. juni 2008 Del Skrevet 29. juni 2008 Fortsett med følgende: 1. Hvis Messenger Plus! Live ikke er noe du må ha, avinstaller det fra legg til/fjern programmer 2. Bruk Norton Removal Tool til å fjerne rester etter Norton (for du bruker AVG 8 nå, eller hur?) 3. Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Kjør også noen runder med 'Register'til det ikke finner flere feil. Du blir spurt om å ta backup før du fixer registerfeil. Det sier du ja til. 4. Last ned Hijackthis. Legg det i en egen mappe på skrivebordet. Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. Lenke til kommentar
Datasmurfen Skrevet 29. juni 2008 Forfatter Del Skrevet 29. juni 2008 Etterpå jeg kjørte loggen forsvant feilmeldingene når jeg skrur på pc. Lenke til kommentar
norbat Skrevet 29. juni 2008 Del Skrevet 29. juni 2008 Kjør allikevel gjennom overnevnte veiledning slik at vi kan se en hjt-logg til slutt. Lenke til kommentar
Datasmurfen Skrevet 30. juni 2008 Forfatter Del Skrevet 30. juni 2008 Kjør allikevel gjennom overnevnte veiledning slik at vi kan se en hjt-logg til slutt. Msn er noe helt must for meg. Norton er det også uaktuellt å fjerne. Datafolkene sa på på videregående skolen at AVG og Norton BURDE jeg ha på pcen.. Lenke til kommentar
norbat Skrevet 30. juni 2008 Del Skrevet 30. juni 2008 Du skal ikke fjerne MSN. Det jeg spurte om hva om MSN Plus! er noe du MÅ ha (MSN Plus! er et tillegg til MSN. Det støtter bruk av adware) AVG og Norton er antivirusprogarmmer. Det er IKKE lurt å kjøre 2 antivirusprogrammer på pc'n da disse kan komme i konflikt med hverandre. Du bør derfor avinstallere ett. Da det ser ut som om det er AVG som er det som kjører, så anbefaler jeg å fjerne Norton (vha. Norton Removal Tool). Lenke til kommentar
Aqualong Skrevet 1. juli 2008 Del Skrevet 1. juli 2008 Datafolkene sa på på videregående skolen at AVG og Norton BURDE jeg ha på pcen.. Lurer på hva slags datafolk dette er. Man bør absolutt ikke ha to AV-programmer på maskinen samtidig. Lenke til kommentar
Datasmurfen Skrevet 2. juli 2008 Forfatter Del Skrevet 2. juli 2008 (endret) Du skal ikke fjerne MSN. Det jeg spurte om hva om MSN Plus! er noe du MÅ ha (MSN Plus! er et tillegg til MSN. Det støtter bruk av adware) AVG og Norton er antivirusprogarmmer. Det er IKKE lurt å kjøre 2 antivirusprogrammer på pc'n da disse kan komme i konflikt med hverandre. Du bør derfor avinstallere ett. Da det ser ut som om det er AVG som er det som kjører, så anbefaler jeg å fjerne Norton (vha. Norton Removal Tool). Kan jeg legge norton inn på nytt senere hvis jeg fjerner dette? Har cd pakka hjemme med key OL. Det enkleste er vel fjerne AVG? EDIT: msn pluss er den raskeste veien å skjule msn hvis lærere eller arbeidssjefen dukker opp....! Så tror nok det blir på PC. Endret 2. juli 2008 av Oddy26 Lenke til kommentar
norbat Skrevet 2. juli 2008 Del Skrevet 2. juli 2008 Du beholder det antivirusprogrammet du ønsker, og avinstallerer det andre. Lenke til kommentar
Datasmurfen Skrevet 3. juli 2008 Forfatter Del Skrevet 3. juli 2008 (endret) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:38:28, on 03.07.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe C:\Users\Eier\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.norwegianmafia.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10337 bytes EDIT: jeg fikk opp om jeg ville fikse dem, dette gjorde jeg ikke ennå i påvente av ordre fra deg;) Endret 3. juli 2008 av Oddy26 Lenke til kommentar
norbat Skrevet 3. juli 2008 Del Skrevet 3. juli 2008 Fix disse vha. hjt: (lukk nettleseren før du klikker Fix checked) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) Etter dette ser ting og tang greie ut. Du bør oppdatere java: http://java.com/en/download/index.jsp Lenke til kommentar
Datasmurfen Skrevet 4. juli 2008 Forfatter Del Skrevet 4. juli 2008 Fix disse vha. hjt:(lukk nettleseren før du klikker Fix checked) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) Etter dette ser ting og tang greie ut. Du bør oppdatere java: http://java.com/en/download/index.jsp Takker for all hjelp... Men når jeg skal fixe filene som er nevnt over vil dem ikke la seg fikse. Det kommer opp at noen andre programmer kjører ennda det ikke kjører noen i explorer eller windows som vises på oppgavelinjen,.... Lenke til kommentar
norbat Skrevet 4. juli 2008 Del Skrevet 4. juli 2008 (endret) Slå av teatimer.exe (en prosess fra SpybotSD) lukk nettleseren, start hjt og merk de to linjene igjen. Klikk Fix checked og se om du nå ikke får tatt dem. Endret 4. juli 2008 av norbat Lenke til kommentar
Datasmurfen Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 Slå av teatimer.exe (en prosess fra SpybotSD) lukk nettleseren, start hjt og merk de to linjene igjen. Klikk Fix checked og se om du nå ikke får tatt dem. Nej fikk det ikke til å funke... Lenke til kommentar
norbat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 (endret) Ok, Vi kunne ha tatt de manuelt, men linjene er ikke malwarerelatert så du kan egentlig bare la de være i fred. Begge linjene er knyttet til Norton_Confidential Kjørte du Norton Removal Tool? Endret 5. juli 2008 av norbat Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå