smoothie46 Posted 17 July 2008
The desktop PC (Windows XP) has been attacked by Antivirus 2009 and Vista Antivirus 2008, and messages about viruses (trojan) keep popping up as well. What should I do to get it removed? All help is gratefully received!!
02tom Posted 18 July 2008
You can download the following programs and run them: Ad-Aware from Lavasoft (Ad-Aware 2008) and Spybot 1.60 (spybot). Run Spybot first and then Ad-Aware afterwards to be sure that you have got rid of everything. Also remember to update the programs after you have installed them.
johome Posted 18 July 2008 (edited)
Follow the guide here. The experts will probably drop by during the day and help you further. Both Ad-Aware and Spybot have declined so much over the last few years that they can no longer be recommended.
Edited 18 July 2008 by johome
rypa Posted 30 August 2008
> The desktop PC (Windows XP) has been attacked by Antivirus 2009 and Vista Antivirus 2008, and messages about viruses (trojan) keep popping up as well. What should I do to get it removed? All help is gratefully received!!
I had got that too. I bought Webroot antivirus with spyspyware, and it fixed everything, plain and simple.
r2d290 Posted 30 August 2008
Nice bump post. Buying an antivirus program to remove an infection isn't really necessary, since logs from combofix and HijackThis will be able to remove all infections. But having a program that watches over the machine all the time is not a bad idea.
rypa Posted 31 August 2008
> Nice bump post. Buying an antivirus program to remove an infection isn't really necessary, since logs from combofix and HijackThis will be able to remove all infections. But having a program that watches over the machine all the time is not a bad idea.
Ugh, I was apparently too confident here; I'm still troubled by it, yes. What do I do then? Antivirus 2009 just pops up and starts scanning by itself. Is there anything I can do? I'm completely new here on the forum.
norbat Posted 31 August 2008
Steps 1 and 2 in this guide: https://www.diskusjon.no/index.php?showtopic=998167
Post the logs in a separate thread, which you create by clicking the New Topic button.
Grazat Posted 28 October 2008 (edited)
> Steps 1 and 2 in this guide: https://www.diskusjon.no/index.php?showtopic=998167
> Post the logs in a separate thread, which you create by clicking the New Topic button.
Hi. I got "antivirus 2009" on my machine this evening. I want to try to get it cleaned up before I call it a night. The problem is that it seems the virus is preventing me from going to the relevant anti-spyware sites? I tried the guide on forumet.no, but found that I couldn't get access to certain pages there. Now I'm trying the guide on this site. I'd be glad to get help.
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1333
Windows 5.1.2600 Service Pack 3

29.10.2008 00:20:40
mbam-log-2008-10-29 (00-20-40).txt

Skanntype: Rask Skann
Objekter skannet: 54274
Tid tilbakelagt: 8 minute(s), 34 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 7
Registerverdier infisert: 5
Registerfiler infisert: 4
Mapper infisert: 0
Filer infisert: 4

Minneprosesser infisert:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Failed to unload process.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\windows.windows (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\windows.windows.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.

I suppose I'd better reboot before I go any further?
Edited 29 October 2008 by Grazat
snippsat Posted 28 October 2008
Hi Grazat. Reboot and run combofix, post the log.
Grazat Posted 28 October 2008
> Hi Grazat. Reboot and run combofix, post the log.
I have rebooted. The red cross on the status bar is gone, but AVG reports an error (can't get in touch with the site). I can't manage to download combofix either: "This website cannot be displayed in Internet Explorer"
snippsat Posted 28 October 2008
Reboot and press F8 several times, choose safe mode with networking. Download and run combofix there.
Grazat Posted 29 October 2008 (edited)
> Reboot and press F8 several times, choose safe mode with networking. Download and run combofix there.
Thank you very much for the help so far. The tip about running combofix in safe mode worked. Here is the log:
ComboFix 08-10-28.01 - ***** 2008-10-29 1:24:13.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1606 [GMT 1:00] WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\*****.*******\err.log C:\WINDOWS\system32\drivers\tcpsr.sys C:\WINDOWS\system32\drivers\TDSSpqxt.sys C:\WINDOWS\system32\TDSScfgb.dll C:\WINDOWS\system32\TDSSfpmp.dll C:\WINDOWS\system32\TDSSliqp.dll C:\WINDOWS\system32\TDSSnmxa.log C:\WINDOWS\system32\TDSSnrse.dll C:\WINDOWS\system32\TDSSoeqh.dll C:\WINDOWS\system32\TDSSosvn.dat C:\WINDOWS\system32\TDSSsbhc.dll C:\WINDOWS\system32\TDSSthym.log C:\WINDOWS\system32\TDSStkdv.log C:\xcrashdump.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSserv -------\Legacy_TDSSserv -------\Legacy_FCI -------\Legacy_ICF -------\Legacy_TCPSR -------\Legacy_TDSSSERV.SYS -------\Service_FCI -------\Service_ICF -------\Service_tcpsr -------\Service_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))))) . 2008-10-29 01:07 . 2008-10-29 01:21 21,504 --a------ C:\WINDOWS\system32\jqspoy.dll 2008-10-28 23:36 . 2008-10-28 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-10-28 23:35 . 2008-10-28 23:35 <DIR> dr-h----- C:\Documents and Settings\*****.*******\Siste 2008-10-28 23:33 . 2008-10-28 23:33 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-28 23:07 . 2008-10-28 23:07 <DIR> d-------- C:\Programfiler\Enigma Software Group 2008-10-28 22:39 .
32,768 C:\WINDOWS\system32\drivers\ati4swxx.sys 2008-10-28 22:36 . 2008-04-14 18:23 26,112 --a------ C:\WINDOWS\system32\stus.exe 2008-10-24 07:31 . 2008-10-15 18:38 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-16 12:56 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-16 12:55 . 2008-08-14 15:27 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-16 12:55 . 2008-08-14 15:27 2,067,840 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-16 12:55 . 2008-09-15 17:29 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-16 12:54 . 2008-08-14 15:27 2,190,976 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-16 12:54 . 2008-08-14 15:27 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-28 21:36 8,704 ----a-w C:\WINDOWS\system32\userinit.exe 2008-10-22 15:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 15:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-10-03 18:31 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2008-09-19 19:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Swift Sound 2008-09-19 19:28 --------- d-----w C:\Programfiler\NCH Swift Sound 2008-09-15 16:29 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-29 07:19 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-27 10:30 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-25 09:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-08-15 08:29 10,520 ----a-w 
C:\WINDOWS\system32\avgrsstx.dll 2008-08-14 14:27 2,190,976 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 14:27 2,067,840 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-13 19:41 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT 2008-06-13 19:41 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLds.DAT 2007-10-31 08:53 1,369,125 ----a-w C:\Programfiler\netcom_pcsms_outlook_3-4-18.exe . ------- Sigcheck ------- 2008-10-28 22:36 8704 6f18705eee18a281b21584059389a636 C:\WINDOWS\system32\userinit.exe 2004-08-04 20:00 24576 025d58a521e0063b92adebd84f147e68 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe 2008-04-14 18:23 26112 5ee32955c86d583627f8d37350c1e145 C:\WINDOWS\ServicePackFiles\i386\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480] "RemoteControl"="C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "ATIPTA"="C:\Programfiler\ATI 
Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-09-01 2876416] "LManager"="C:\Programfiler\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2003-11-06 303104] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-02-23 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-12 282624] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] Photo Loader supervisory.lnk - C:\Programfiler\CASIO\Photo Loader\Plauto.exe [2005-02-15 208896] Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-25 113664] Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] NkbMonitor.exe.lnk - D:\NkbMonitor.exe [2007-12-25 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jqspoy] 2008-10-29 01:21 21504 C:\WINDOWS\system32\jqspoy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4swxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\MSMSGS.EXE"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\SuperOffice\\Database\\dbeng9.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\explorer.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\MsnMsgr.Exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 ati4swxx;ati4swxx;C:\WINDOWS\system32\Drivers\ati4swxx.sys [ ] R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928] R1 SMBHC;Vertskontrollerdriver for Microsoft SM Bus;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 78208] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112] R2 MSSQL$BYGGSAFE;MSSQL$BYGGSAFE;C:\Programfiler\Microsoft SQL Server\MSSQL$BYGGSAFE\Binn\sqlservr.exe [2002-12-17 7520337] R3 SMBBATT;Driver for Microsoft Smart Battery;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-13 16000] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [ ] S3 
Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264] S3 SQLAgent$BYGGSAFE;SQLAgent$BYGGSAFE;C:\Programfiler\Microsoft SQL Server\MSSQL$BYGGSAFE\Binn\sqlagent.EXE [2002-12-17 311872] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Error Safe - C:\Programfiler\Error Safe Free\ers.exe HKLM-Run-LogMeIn GUI - C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\*****.******\Programdata\Mozilla\Firefox\Profiles\4vo6knrx.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-29 01:31:30 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\jqspoy.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\ACER\EMANAGER\ANBMSERV.EXE C:\PROGRAMFILER\AVG\AVG8\AVGWDSVC.EXE C:\PROGRAMFILER\TREND MICRO\OFFICESCAN CLIENT\NTRTSCAN.EXE C:\PROGRAMFILER\TREND MICRO\OFFICESCAN CLIENT\TMLISTEN.EXE C:\PROGRAMFILER\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE C:\PROGRAMFILER\AVG\AVG8\AVGRSX.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntupd.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Trend Micro\OfficeScan Client\Pop3Trap.exe . ************************************************************************** . 
Completion time: 2008-10-29 1:34:41 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-29 00:34:34 Pre-Run: 3,623,092,224 byte ledig Post-Run: 3,567,878,144 byte ledig 200 --- E O F --- 2008-10-25 09:34:00
I reckon there is a lot here that I shouldn't have published, but right now I'm interested in getting things cleaned up....
Edit: Removed the lines with my name...
Edited 29 October 2008 by Grazat
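The Sigcheck section of the ComboFix log in the post above lists three copies of userinit.exe with different sizes and MD5 values. As an added example (not part of the original thread and not ComboFix's own logic), this Python code compares the live system32 copy against the ServicePackFiles copy and then looks in the "Files Created" section for a file under another name with the reference copy's size and timestamp. Treating the ServicePackFiles copy as the reference, the column meanings and all function names are assumptions; the sample lines are copied from the log.

```python
import ntpath
import re

# Lines copied from the ComboFix log posted above ("Sigcheck" and
# "Files Created" sections); nothing here is constructed.
SIGCHECK_LINES = r"""
2008-10-28 22:36 8704 6f18705eee18a281b21584059389a636 C:\WINDOWS\system32\userinit.exe
2004-08-04 20:00 24576 025d58a521e0063b92adebd84f147e68 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 18:23 26112 5ee32955c86d583627f8d37350c1e145 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
"""
CREATED_LINES = r"""
2008-10-29 01:07 . 2008-10-29 01:21 21,504 --a------ C:\WINDOWS\system32\jqspoy.dll
2008-10-28 23:33 . 2008-10-28 23:33 <DIR> d-------- C:\Programfiler\CCleaner
2008-10-28 22:36 . 2008-04-14 18:23 26,112 --a------ C:\WINDOWS\system32\stus.exe
2008-10-24 07:31 . 2008-10-15 18:38 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
"""

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
SIGCHECK_RE = re.compile(rf"^({STAMP}) (\d+) ([0-9a-f]{{32}}) (.+)$")
CREATED_RE = re.compile(rf"^({STAMP}) \. ({STAMP}) ([\d,]+) \S+ (.+)$")


def parse_sigcheck(text):
    """Return one dict per Sigcheck line: timestamp as printed, size, MD5, path."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            stamp, size, md5, path = m.groups()
            rows.append({"stamp": stamp, "size": int(size), "md5": md5, "path": path})
    return rows


def parse_created(text):
    """Return one dict per file line; <DIR> entries carry no size and are skipped.

    Assumption: the first timestamp is creation time, the second last-modified.
    """
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created, modified, size, path = m.groups()
            rows.append({"created": created, "modified": modified,
                         "size": int(size.replace(",", "")), "path": path})
    return rows


def find_replaced(sig_rows):
    """Pair each system32 file with its ServicePackFiles copy; keep MD5 mismatches."""
    refs = {ntpath.basename(r["path"]).lower(): r for r in sig_rows
            if "\\servicepackfiles\\" in r["path"].lower()}
    hits = []
    for r in sig_rows:
        name = ntpath.basename(r["path"]).lower()
        in_system32 = ntpath.dirname(r["path"]).lower().endswith("\\system32")
        if in_system32 and name in refs and r["md5"] != refs[name]["md5"]:
            hits.append({"live": r, "reference": refs[name]})
    return hits


def find_lookalikes(reference, created_rows):
    """Files under another name whose size and second timestamp equal the reference's."""
    ref_name = ntpath.basename(reference["path"]).lower()
    return [c["path"] for c in created_rows
            if c["size"] == reference["size"]
            and c["modified"] == reference["stamp"]
            and ntpath.basename(c["path"]).lower() != ref_name]


def analyse(sigcheck_text, created_text):
    """Return (live path, [lookalike paths]) for every mismatching system file."""
    created = parse_created(created_text)
    return [(hit["live"]["path"], find_lookalikes(hit["reference"], created))
            for hit in find_replaced(parse_sigcheck(sigcheck_text))]


if __name__ == "__main__":
    for live, lookalikes in analyse(SIGCHECK_LINES, CREATED_LINES):
        print(f"{live}: MD5 differs from the ServicePackFiles copy")
        for path in lookalikes:
            print(f"  hash before deleting: {path} (same size and timestamp as the reference)")
```

A size and timestamp match is only a lead: hash the candidate file and compare it with the reference MD5 before removing or restoring anything.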
snippsat Posted 29 October 2008
Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and combofix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\jqspoy.dll
C:\WINDOWS\system32\drivers\ati4swxx.sys
C:\WINDOWS\system32\stus.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jqspoy 2008-10-29 01:21 21504 C:\WINDOWS\system32\jqspoy]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4swxx.sys]

Driver::
R0 ati4swxx

Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Post HijackThis.txt
Grazat Posted 29 October 2008
> Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and combofix will start. Post the log c:\combofix.txt
>
> File::
> C:\WINDOWS\system32\jqspoy.dll
> C:\WINDOWS\system32\drivers\ati4swxx.sys
> C:\WINDOWS\system32\stus.exe
>
> Registry::
> [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jqspoy 2008-10-29 01:21 21504 C:\WINDOWS\system32\jqspoy]
> [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4swxx.sys]
>
> Driver::
> R0 ati4swxx
>
> Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Post HijackThis.txt
Well, well - here I am again, but this time from a borrowed machine. After the last operation with combofix the machine has locked up. I got as far as pasting in what was highlighted in combofix, and the program started up. Then combofix rebooted the machine. I can log in, but after that nothing happens. The Windows background appears, but no icons or toolbars. The machine isn't working, and I only see the mouse pointer sitting motionless on the screen. This went so well for a long time, but what do I do now? (My machine is a laptop and is used both at work and at home. I am now at work with a dead machine, and am borrowing a colleague's for the time being.) Needless to say, I'd be glad if this can be solved.
r2d290 Posted 29 October 2008
ctrl+alt+delete
Click File and choose "New task (Run)".
In the box that pops up, type explorer
If that doesn't work, see whether you have access to safe mode: restart the machine, press F8 many times during startup, and in the list that comes up, choose "Safe mode with networking".
Let us know whether option 1 or 2 helped.
Grazat Posted 29 October 2008 (edited)
> ctrl+alt+delete
> Click File and choose "New task (Run)".
> In the box that pops up, type explorer
> If that doesn't work, see whether you have access to safe mode: restart the machine, press F8 many times during startup, and in the list that comes up, choose "Safe mode with networking".
> Let us know whether option 1 or 2 helped.
Got in with option 1. Combofix then carried on with its session. Here is the log from ComboFix.
ComboFix 08-10-28.01 - solve 2008-10-29 2:01:21.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1502 [GMT 1:00] Running from: C:\Documents and Settings\solve.MOREHUS\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\solve.MOREHUS\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\drivers\ati4swxx.sys C:\WINDOWS\system32\jqspoy.dll C:\WINDOWS\system32\stus.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\ati4swxx.sys C:\WINDOWS\system32\stus.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ati4swxx -------\Service_ati4swxx ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))))) . 2008-10-28 23:36 . 2008-10-28 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-10-28 23:35 . 2008-10-28 23:35 <DIR> dr-h----- C:\Documents and Settings\solve.MOREHUS\Siste 2008-10-28 23:33 . 2008-10-28 23:33 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-28 23:07 . 2008-10-28 23:07 <DIR> d-------- C:\Programfiler\Enigma Software Group 2008-10-24 07:31 . 2008-10-15 18:38 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-16 12:56 .
2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-16 12:55 . 2008-08-14 15:27 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-16 12:55 . 2008-08-14 15:27 2,067,840 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-16 12:55 . 2008-09-15 17:29 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-16 12:54 . 2008-08-14 15:27 2,190,976 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-16 12:54 . 2008-08-14 15:27 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-28 21:36 8,704 ----a-w C:\WINDOWS\system32\userinit.exe 2008-10-22 15:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 15:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-10-03 18:31 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2008-09-19 19:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Swift Sound 2008-09-19 19:28 --------- d-----w C:\Programfiler\NCH Swift Sound 2008-09-15 16:29 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-29 07:19 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-27 10:30 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-25 09:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-08-15 08:29 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-08-14 14:27 2,190,976 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 14:27 2,067,840 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-13 19:41 20 
---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT 2008-06-13 19:41 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLds.DAT 2007-10-31 08:53 1,369,125 ----a-w C:\Programfiler\netcom_pcsms_outlook_3-4-18.exe . ------- Sigcheck ------- 2008-10-28 22:36 8704 6f18705eee18a281b21584059389a636 C:\WINDOWS\system32\userinit.exe 2004-08-04 20:00 24576 025d58a521e0063b92adebd84f147e68 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe 2008-04-14 18:23 26112 5ee32955c86d583627f8d37350c1e145 C:\WINDOWS\ServicePackFiles\i386\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2008-10-29_ 1.33.54.52 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-29 07:26:26 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480] "RemoteControl"="C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968] 
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-09-01 2876416] "LManager"="C:\Programfiler\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2003-11-06 303104] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-02-23 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-12 282624] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] Photo Loader supervisory.lnk - C:\Programfiler\CASIO\Photo Loader\Plauto.exe [2005-02-15 208896] Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-25 113664] Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] NkbMonitor.exe.lnk - D:\NkbMonitor.exe [2007-12-25 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\MSMSGS.EXE"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\SuperOffice\\Database\\dbeng9.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\explorer.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\MsnMsgr.Exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928] R1 SMBHC;Vertskontrollerdriver for Microsoft SM Bus;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 78208] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112] R2 MSSQL$BYGGSAFE;MSSQL$BYGGSAFE;C:\Programfiler\Microsoft SQL Server\MSSQL$BYGGSAFE\Binn\sqlservr.exe [2002-12-17 7520337] R3 SMBBATT;Driver for Microsoft Smart Battery;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-13 16000] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [ ] S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264] S3 SQLAgent$BYGGSAFE;SQLAgent$BYGGSAFE;C:\Programfiler\Microsoft SQL Server\MSSQL$BYGGSAFE\Binn\sqlagent.EXE [2002-12-17 311872] . 
- - - - ORPHANS REMOVED - - - - Notify-jqspoy - jqspoy.dll ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-29 09:29:35 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Acer\eManager\anbmServ.exe C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe C:\PROGRAMFILER\AVG\AVG8\AVGRSX.EXE C:\PROGRAMFILER\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Trend Micro\OfficeScan Client\Pop3Trap.exe . ************************************************************************** . Completion time: 2008-10-29 9:32:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-29 08:32:12 ComboFix2.txt 2008-10-29 00:34:46 Pre-Run: 3,509,665,792 byte ledig Post-Run: 3,505,651,712 byte ledig 170 --- E O F --- 2008-10-25 09:34:00
I still can't open the machine in the normal way, and if I am connected to the network at work I get a black screen. Should I try option 2 as well?
Edited 29 October 2008 by Grazat
Grazat, posted 29 October 2008 (edited)

Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Post HijackThis.txt

The log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18, on 2008-10-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Microsoft SQL Server\MSSQL$BYGGSAFE\Binn\sqlservr.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programfiler\Launch Manager\QtZgAcer.EXE
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\NkbMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programfiler\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RegistryDefender.lnk = C:\Programfiler\Registry Defender Platinum\RegistryDefender.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\NkbMonitor.exe
O8 - Extra context menu item: Save page in SuperOffice - res://C:\PROGRA~1\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Programfiler\SuperOffice\SoIeExtensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0018A71D-26DA-4707-AF52-E0B9D39796F2} (LaFargeOnline Control) - http://lafarge.kampanj.nu/LafargeOnline.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.no/activex/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = morehus.local
O17 - HKLM\Software\..\Telephony: DomainName = morehus.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{0145D937-96F7-44FF-872F-79B73D485D19}: NameServer = 192.168.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = morehus.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{0145D937-96F7-44FF-872F-79B73D485D19}: NameServer = 192.168.1.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = morehus.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{0145D937-96F7-44FF-872F-79B73D485D19}: NameServer = 192.168.1.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 9650 bytes

Edited 29 October 2008 by Grazat
snippsat, posted 29 October 2008

Remove Trend Micro or AVG8; only one antivirus on the system. Reboot and see if that helps.
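The check behind the advice in the post above (only one antivirus on the system), as an added example that is not part of the thread: a small Python parser for the O23 service lines of a HijackThis log that groups services by antivirus vendor. The sample lines are copied from the log posted earlier in the thread; the vendor keyword table and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# O23 (service) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
"""

# Assumption: keyword table covering only the two products named in the thread.
AV_VENDORS = {"AVG": "avg technologies", "Trend Micro": "trend micro"}

# O23 layout: "O23 - Service: <display name> - <owner> - <image path>"
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse_services(log):
    """Return one dict (name, owner, path) per O23 line; other lines are skipped."""
    services = []
    for line in log.splitlines():
        match = O23_LINE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services

def antivirus_vendors(services):
    """Map each antivirus vendor to the service names it owns."""
    found = defaultdict(list)
    for svc in services:
        for vendor, keyword in AV_VENDORS.items():
            if keyword in svc["owner"].lower():
                found[vendor].append(svc["name"])
    return dict(found)

def unknown_owner_paths(services):
    """Image paths of services HijackThis listed with 'Unknown owner'."""
    return [s["path"] for s in services if s["owner"] == "Unknown owner"]

if __name__ == "__main__":
    svcs = parse_services(SAMPLE_LOG)
    vendors = antivirus_vendors(svcs)
    if len(vendors) > 1:
        print("More than one antivirus has services installed:", sorted(vendors))
    for path in unknown_owner_paths(svcs):
        print("Service with unknown owner:", path)
```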
Grazat, posted 29 October 2008

Remove Trend Micro or AVG8; only one antivirus on the system. Reboot and see if that helps.

Hi again SNIPPSAT! I removed AVG8 and rebooted. I still have to go via "Ctrl-Alt-Del" and New Task to get the machine running. Once it is up and running, everything actually works as it should, or at least as it has been.
snippsat, posted 29 October 2008

Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to repair --> backup, answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.

Start -> Run -> regedit (go here)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
You can double-click; check that the value data is set to 1.

Reboot. See if that helps.