Sio Skrevet 1. januar 2007 Rapporter Del Skrevet 1. januar 2007 (endret) Hei alle sammen, som Enmetittelen viser til så jobber computeren min tregt å jeg lurer på hva som er galt. Når jeg sjekket rundt omkring på forumet la jeg merke til at andre personer med dette problemet la ut noe som het Hijack this log. Jeg legger derfor ut min og lurer om noen kan ananlysere den: Logfile of HijackThis v1.99.1 Scan saved at 20:42:20, on 01.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe C:\CFusion\cfam\program\ccmgr.exe C:\CFusion\Bin\cfserver.exe C:\CFusion\cfam\Program\dfp.exe C:\CFusion\cfam\Program\wsm.exe C:\CFusion\cfam\Program\wsprobe.exe C:\CFusion\Bin\cfexec.exe C:\CFusion\Bin\cfrdsservice.exe C:\CFusion\JRun\bin\JRun.exe C:\CFusion\jrun\bin\jrun.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\CFusion\jre\bin\ntConsoleJava.exe C:\CFusion\jre\bin\ntConsoleJava.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\CFusion\cfam\bin\CANamingAdapter.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\Programfiler\MessengerPlus! 3\MsgPlus.exe C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\CA\eTrust Internet Security Suite\caissdt.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programfiler\CNet\WConfig\WConfig.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe C:\DOCUME~1\ARILDI~1\LOKALE~1\Temp\~e5.0001 C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\Skype\Plugin Manager\SkypePM.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\Arild Inge Olsson\Lokale innstillinger\Temporary Internet Files\Content.IE5\CHMZ4T2F\hijackthis[1]\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {75A5FE57-90A4-DB92-29F9-B943258FB6ED} - C:\DOCUME~1\ARILDI~1\PROGRA~1\ADMINF~1\SETTINGSFUNK.exe (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gqyenkl] C:\Program Files\Ckjsxoa\Ilhomp.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CaISSDT] "C:\Programfiler\CA\eTrust Internet Security Suite\caissdt.exe" O4 - HKLM\..\Run: [CaAvTray] "C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [FridayNight3DDartssSetup.exe] C:\DOWNLO~1\FRIDAY~1.EXE /r O4 - HKCU\..\Run: [sP2 Connection Patcher] "C:\Programfiler\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [typelogo] C:\DOCUME~1\ARILDI~1\PROGRA~1\THATWA~1\Flaw one.exe O4 - HKCU\..\Run: [warez] "C:\Programfiler\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [steam] C:\Programfiler\Steam\Steam.exe -silent O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [LuxuryLinerTycoonSetup.exe] C:\DOWNLO~1\LUXURY~1.EXE /r O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: WConfig.lnk = C:\Programfiler\CNet\WConfig\WConfig.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing) O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe ------------------------------------------------------------------------------------------------ CPUen har også nettopp vært på reperasjon PGA at kondensatoren var ødelagt, men jeg regner med at det er irrelevant. Bare for å være på den sikre siden. Endret 1. januar 2007 av Sio Lenke til kommentar
Gjest medlem-105082 Skrevet 1. januar 2007 Rapporter Del Skrevet 1. januar 2007 Kjør Hijackthis og slett: R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) O2 - BHO: (no name) - {75A5FE57-90A4-DB92-29F9-B943258FB6ED} - C:\DOCUME~1\ARILDI~1\PROGRA~1\ADMINF~1\SETTINGSFUNK.exe (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Jeg har slettet alt du forslo og innstalert SaS som tydeligvis har fått god kritikk på forumet. Lenke til kommentar
Demantios Skrevet 1. januar 2007 Rapporter Del Skrevet 1. januar 2007 Der rikrig ut det som RJR skriver. jeg ville også søkt antivirus på C:\DOCUME~1\ARILDI~1\LOKALE~1\Temp\~e5.0001 Du kan også scanne loggen selv på www.hijackthis.de Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Der rikrig ut det som RJR skriver. jeg ville også søkt antivirus på C:\DOCUME~1\ARILDI~1\LOKALE~1\Temp\~e5.0001 Du kan også scanne loggen selv på www.hijackthis.de 7620683[/snapback] Det skal jeg gjøre. Lenke til kommentar
norbat Skrevet 1. januar 2007 Rapporter Del Skrevet 1. januar 2007 (endret) Last ned CCleaner og kjør en runde med rens. Før du kjører rens, går du til 'Valg'->'Avansert' og fjerner merket framfor "Bare slett midlertidige filer.........". Last ned DrWeb Oppdater SAS Restart i sikker modus (tapp f8 under oppstart) Kjør drweb -den vil kjøre en expresscan. -når det er ferdig velger du Options->Change settings. i fanebladet Scan, fjern merke ved Heuristic analysis. i fanebladet Actions, forandres punktene under Malware til Rename. -velg partisjon og kjør en scan Når scanningen er ferdig, klikk på file - Save Report list. Fila "drweb.csv", som er loggen, vil da ligge på skrivebordet. Kjør en complete scan med SAS, slett alt den finner Restart i normal modus Post en ny HJT-logg + loggen fra SAS (preferences->statistics/logs) + loggen fra DrWeb Endret 1. januar 2007 av norbat Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Last ned CCleaner og kjør en runde med rens. Før du kjører rens, går du til 'Valg'->'Avansert' og fjerner merket framfor "Bare slett midlertidige filer.........". Last ned DrWeb Oppdater SAS Restart i sikker modus (tapp f8 under oppstart) Kjør drweb -den vil kjøre en expresscan. -når det er ferdig velger du Options->Change settings. i fanebladet Scan, fjern merke ved Heuristic analysis. i fanebladet Actions, forandres punktene under Malware til Rename. -velg partisjon og kjør en scan Når scanningen er ferdig, klikk på file - Save Report list. Fila "drweb.csv", som er loggen, vil da ligge på skrivebordet. Kjør en complete scan med SAS, slett alt den finner Restart i normal modus Post en ny HJT-logg + loggen fra SAS (preferences->statistics/logs) + loggen fra DrWeb 7621110[/snapback] Forrige gangen jeg kjørte full scan og slettet alt SaS fant kunne ikke Windows starte opp unntatt i sikkerhetsmodus hvor jeg kunne gjennomrette ved at jeg "gikk tilbake" til før jeg innstalerte SaS. Jeg er derfor litt redd for å scanne OG slette med SaS. SaS er tungt artilleri. Lenke til kommentar
norbat Skrevet 1. januar 2007 Rapporter Del Skrevet 1. januar 2007 Da kan vi prøve dette først: Last ned og kjør Combofix. Legg ut loggen. Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Will do, må bare gjøre alt jeg skal i sikkerhetsmodus først. Jeg glemte hvor jeg hadde lagret dr. web.... Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Will do, må bare gjøre alt jeg skal i sikkerhetsmodus først. Jeg glemte hvor jeg hadde lagret dr. web.... 7621961[/snapback] Dr. web fant ingen virus og hadde derfor ingen rapporter å rapportere. Eller noe må det ha vært for jeg fulkte alle anvisningnene men knappen under file som skulle legge ut en raport var grå hele tiden. Men dr. web fant ingenting under scanningen. Lenke til kommentar
Sio Skrevet 1. januar 2007 Forfatter Rapporter Del Skrevet 1. januar 2007 Da kan vi prøve dette først: Last ned og kjør Combofix. Legg ut loggen. 7621857[/snapback] Combofix gjør ingenting, bare starter en stor svart firkant som etter kort tid blir lilla og slår seg av. Men jeg har funnet ut noe som økte hastigheten på CPUen merkbart. Jeg slo av et program som jeg starter av og til som heter Backround downloader som laster ned filer til WoW. Lenke til kommentar
norbat Skrevet 2. januar 2007 Rapporter Del Skrevet 2. januar 2007 La oss se en ny HJT-logg Lenke til kommentar
Sio Skrevet 2. januar 2007 Forfatter Rapporter Del Skrevet 2. januar 2007 Logfile of HijackThis v1.99.1 Scan saved at 15:47:15, on 02.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe C:\CFusion\cfam\program\ccmgr.exe C:\CFusion\Bin\cfserver.exe C:\CFusion\cfam\Program\dfp.exe C:\CFusion\cfam\Program\wsm.exe C:\CFusion\cfam\Program\wsprobe.exe C:\CFusion\Bin\cfexec.exe C:\CFusion\Bin\cfrdsservice.exe C:\CFusion\JRun\bin\JRun.exe C:\CFusion\jrun\bin\jrun.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\CFusion\jre\bin\ntConsoleJava.exe C:\CFusion\jre\bin\ntConsoleJava.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\CFusion\cfam\bin\CANamingAdapter.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\Programfiler\MessengerPlus! 3\MsgPlus.exe C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\CA\eTrust Internet Security Suite\caissdt.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programfiler\CNet\WConfig\WConfig.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe C:\Programfiler\Java\jre1.5.0_06\bin\jucheck.exe C:\Documents and Settings\Arild Inge Olsson\Lokale innstillinger\Temporary Internet Files\Content.IE5\OPE34T6J\hijackthis_199[1]\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gqyenkl] C:\Program Files\Ckjsxoa\Ilhomp.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CaISSDT] "C:\Programfiler\CA\eTrust Internet Security Suite\caissdt.exe" O4 - HKLM\..\Run: [CaAvTray] "C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [FridayNight3DDartssSetup.exe] C:\DOWNLO~1\FRIDAY~1.EXE /r O4 - HKCU\..\Run: [sP2 Connection Patcher] "C:\Programfiler\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [typelogo] C:\DOCUME~1\ARILDI~1\PROGRA~1\THATWA~1\Flaw one.exe O4 - HKCU\..\Run: [warez] "C:\Programfiler\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [steam] C:\Programfiler\Steam\Steam.exe -silent O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [LuxuryLinerTycoonSetup.exe] C:\DOWNLO~1\LUXURY~1.EXE /r O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: WConfig.lnk = C:\Programfiler\CNet\WConfig\WConfig.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing) O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe Lenke til kommentar
norbat Skrevet 2. januar 2007 Rapporter Del Skrevet 2. januar 2007 (endret) Gå til http://virusscan.jotti.org/ og sjekk følgende filer om du ikke vet hva det er: (For hver fil vil det ta litt tid før du får et resultat. Du vil få et resultat etter hver fil som du kan kopiere og poste) C:\Program Files\Ckjsxoa\Ilhomp.exe C:\DOWNLO~1\FRIDAY~1.EXE C:\DOCUME~1\ARILDI~1\PROGRA~1\THATWA~1\Flaw one.exe C:\DOWNLO~1\LUXURY~1.EXE Endret 2. januar 2007 av norbat Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå