lasse_hansen87 Posted March 3, 2008
Hi there! I use SUPERAntispyware 4.0 Pro... and I'm thinking of buying Spyware Doctor, but is there any point, given that I have SUPERAntispyware?? And can the two run together without causing problems?

snippsat Posted March 3, 2008 (edited)
> thinking of buying Spyware Doctor
No, save that money and use SUPERAntispyware. If you suspect anything, you can post a HijackThis log here. You will then be guided and get everything removed; even the difficult ones come out easily, using a few tools that are not so widely known.
Edited March 3, 2008 by SNIPPSAT

Opelduude Posted March 3, 2008
> Hi there! I use SUPERAntispyware 4.0 Pro... and I'm thinking of buying Spyware Doctor, but is there any point, given that I have SUPERAntispyware?? And can the two run together without causing problems?
I don't think you need more than an antivirus program. I have AVG Free Edition and download SUPERAntispyware when I do a thorough check of the PC.

lasse_hansen87 (author) Posted March 3, 2008
Then we'll save that money.. I just wanted to be completely sure.. But you think SUPERAntispyware is good enough?? How do I create a HijackThis log so I can post it here?

snippsat Posted March 3, 2008 (edited)
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post.
> But you think SUPERAntispyware is good enough??
SUPERAntispyware is one of the best out there and the one we recommend using.
Edited March 3, 2008 by SNIPPSAT

lasse_hansen87 (author) Posted March 3, 2008
Here is everything I got in Notepad:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:54, on 03.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Users\Malin og Lasse\Desktop\HijackThis logg\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7860 bytes

Did I do it right?

snippsat Posted March 3, 2008
The log looks fine. Run a round of ComboFix; it can tell us a bit more. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt. Restart, and then post a new HijackThis log.

lasse_hansen87 (author) Posted March 3, 2008
ComboFix:

ComboFix 08-03-03.16 - Sjefen 03.03.2008 23:48:29.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.919 [GMT 1:00]
Running from: C:\Users\Malin og Lasse\Desktop\ComboFix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-03 22:47 . 03.03.2008 22:47 <DIR> d-------- C:\Users\Sjefen\AppData\Roaming\SUPERAntiSpyware.com
2008-03-03 22:46 . 03.03.2008 22:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 19:17 . 29.02.2008 19:17 <DIR> d-------- C:\Windows\PCHEALTH
2008-02-29 19:15 . 29.02.2008 19:17 <DIR> d-------- C:\Program Files\Windows Live
2008-02-29 19:15 . 29.02.2008 19:17 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 19:14 . 29.02.2008 19:14 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-02-29 19:14 . 29.02.2008 19:14 <DIR> d-------- C:\ProgramData\WLInstaller
2008-02-27 12:18 . 27.02.2008 12:19 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-14 02:23 . 14.02.2008 02:23 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-02-14 02:23 . 14.02.2008 02:23 <DIR> d-------- C:\ProgramData\FLEXnet
2008-02-14 02:17 . 17.02.2008 22:32 <DIR> d-------- C:\Users\All Users\Adobe
2008-02-14 02:17 . 14.02.2008 02:17 <DIR> d-------- C:\Program Files\Bonjour
2008-02-14 02:11 . 14.02.2008 02:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-14 02:09 . 17.02.2008 22:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-13 14:25 . 13.02.2008 14:25 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 14:25 . 13.02.2008 14:25 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 14:22 . 13.02.2008 14:22 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 14:22 . 13.02.2008 14:22 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 14:22 . 13.02.2008 14:22 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 14:22 . 13.02.2008 14:22 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 14:22 . 13.02.2008 14:22 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 14:22 . 13.02.2008 14:22 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 14:22 . 13.02.2008 14:22 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 14:22 . 13.02.2008 14:22 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-13 14:21 . 13.02.2008 14:21 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 14:21 . 13.02.2008 14:21 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 14:21 . 13.02.2008 14:21 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 14:21 . 13.02.2008 14:21 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 14:21 . 13.02.2008 14:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 14:21 . 13.02.2008 14:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 14:21 . 13.02.2008 14:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 14:18 . 13.02.2008 14:18 1,244,672 --a------ C:\Windows\System32\mcmde.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 22:27 --------- d-----w C:\Users\Malin og Lasse\AppData\Roaming\uTorrent
2008-03-03 21:56 --------- d-----w C:\ProgramData\Symantec
2008-03-03 21:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-03 21:35 --------- d-----w C:\ProgramData\NVIDIA
2008-02-22 08:16 --------- d-----w C:\Program Files\Opera
2008-02-13 13:21 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 13:21 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 13:21 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 13:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 13:19 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 13:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 13:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 13:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 11:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-05 15:00 --------- d-----w C:\Program Files\Norton 360
2008-01-30 23:36 --------- d-----w C:\Users\Sjefen\AppData\Roaming\uTorrent
2008-01-30 23:33 --------- d-----w C:\Program Files\uTorrent
2008-01-25 12:41 --------- d-----w C:\Users\Malin og Lasse\AppData\Roaming\Apple Computer
2008-01-25 11:38 --------- d-----w C:\Users\Sjefen\AppData\Roaming\Apple Computer
2008-01-25 11:38 --------- d-----w C:\ProgramData\Apple Computer
2008-01-25 11:38 --------- d-----w C:\Program Files\QuickTime
2008-01-25 11:38 --------- d-----w C:\Program Files\iTunes
2008-01-25 11:38 --------- d-----w C:\Program Files\iPod
2008-01-25 11:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-11 19:08 --------- d-----w C:\Program Files\Java
2008-01-11 19:07 --------- d-----w C:\Program Files\Common Files\Java
2008-01-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 19:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 19:26 --------- d-----w C:\Program Files\Windows Mail
2008-01-08 19:24 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-08 19:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-08 19:23 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-12 00:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 00:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 00:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-11 17:52 356,352 ----a-w C:\Windows\System32\NVUNINST.EXE
2007-12-05 16:07 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-12-05 16:06 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-05 15:40 509,952 ----a-w C:\Windows\CapiCom.dll
2007-11-30 21:10 22,328 ----a-w C:\Users\Sjefen\AppData\Roaming\PnkBstrK.sys
2007-11-29 16:40 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08.01.2008 20:23 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [23.10.2007 14:18 202024]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03.03.2008 22:43 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [29.11.2007 17:33 1006264]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19.01.2007 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [20.08.2007 15:58 1671168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14.03.2007 19:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12.03.2007 10:22 517768]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11.04.2007 15:32 56080 C:\Windows\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01.03.2007 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20.09.2007 08:51 1836328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11.12.2007 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11.12.2007 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11.12.2007 17:06 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-29 18:27:29 692224]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08ED6A4F-AD51-4ADB-BAD1-DB009B689F23}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{75E617EC-D3CF-4EC9-9D46-7A83E5CC3452}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5D53B59F-7B67-4B46-84BC-2128F7F32283}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BE8D6C38-A657-42D6-B08E-9A52C4CB76E2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0E474796-A590-489C-8BBA-277E182F6875}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{32D2FE45-C01C-4D1C-B98F-8C42B3351DD8}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{740729E1-9EC2-4204-B047-02C85DBCE86E}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{78D67122-E6F7-4863-A78A-2ACFB6DA7D01}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{F2FEF399-278A-483A-A61C-AC3780153121}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{53A3E401-3239-4D4F-B9F6-3FD4E4004B40}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FF2036D4-EE48-472E-8E23-A2604325F769}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{40544AE8-7E77-40D1-8381-BBAAA00EC302}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0CF113D1-F11D-4F2A-AFA0-8C9588E9AA23}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [13.02.2008 17:18]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [16.08.2007 13:49]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [09.01.2007 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [21.12.2007 19:18]

*Newly Created Service* - COMHOST
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 23:49:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 03.03.2008 23:50:10
.
2008-02-29 12:02:19
--- E O F ---

Then I restarted and took this one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:58, on 03.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\Malin og Lasse\Desktop\HijackThis logg\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7488 bytes

lasse_hansen87 (author) Posted March 3, 2008
Did I do it right? The PC works perfectly fine, just so that's said...

snippsat Posted March 3, 2008 (edited)
Yes, this looked good; the logs are clean. So Norton has done a good job, and in combination with SUPERAntispyware this holds up fine. For cleanup and registry cleaning, CCleaner is recommended. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
Edited March 3, 2008 by SNIPPSAT
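
Added example, not part of the thread and not the helper's own method: a small Python triage script for HijackThis v2 logs like the two posted above. It groups entries by section code and lists the ones a reviewer usually reads first; it also copes with logs that a forum has flattened onto one line. The function names, the `expected_domains` default and the one hosts line marked as constructed are assumptions of this example; the other sample lines are copied from the first log in the thread.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Meaning of the HijackThis v2 section codes that occur in the thread's logs.
SECTION_NAMES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file entry", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item", "O13": "IE default URL prefix",
    "O20": "AppInit_DLLs / Winlogon Notify", "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# An entry starts with a section code followed by " - ", at a whitespace boundary.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return [(code, detail), ...] for line-per-entry and for flattened logs."""
    body = log_text.split("-- End of file")[0]
    starts = list(ENTRY_START.finditer(body))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(body)
        entries.append((m.group(1), " ".join(body[m.end():end].split())))
    return entries


def review_notes(code, detail, expected_domains=("microsoft.com",)):
    """Reasons to look at an entry more closely. These are prompts, not verdicts."""
    notes = []
    if "(no file)" in detail:
        notes.append("registry entry points at a missing file")
    if code == "O23" and " - Unknown owner - " in detail:
        notes.append('service owner reported as "Unknown owner"')
    if code == "O1":
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", detail)
        loopback = m and m.group(1) in ("127.0.0.1", "::1") and m.group(2) == "localhost"
        if m and not loopback:
            notes.append("hosts file maps %s to %s" % (m.group(2), m.group(1)))
    if code.startswith("R"):
        m = re.search(r"=\s*(\S+)", detail)
        host = urlsplit(m.group(1)).hostname if m else None
        if host and not any(host == d or host.endswith("." + d) for d in expected_domains):
            notes.append("IE page setting points at %s" % host)
    return notes


def triage(log_text):
    """Return (entries per section code, [(code, detail, notes), ...])."""
    entries = parse_entries(log_text)
    counts = Counter(code for code, _ in entries)
    flagged = [(c, d, n) for c, d in entries for n in [review_notes(c, d)] if n]
    return counts, flagged


HEADER = "Logfile of Trend Micro HijackThis v2.0.2\nRunning processes:\nC:\\Windows\\Explorer.EXE\n"
FROM_THREAD = [  # copied from the first log in the thread
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157',
    r'R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =',
    r'O1 - Hosts: ::1 localhost',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe',
    r'O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe',
]
# Constructed line (not from the thread) so that the hosts check has something to report.
CONSTRUCTED = r'O1 - Hosts: 203.0.113.7 www.example.com'
SAMPLE = HEADER + "\n".join(FROM_THREAD[:3] + [CONSTRUCTED] + FROM_THREAD[3:]) + "\n-- End of file\n"
FLATTENED = " ".join(SAMPLE.split())  # what a forum paste without line breaks looks like

if __name__ == "__main__":
    counts, flagged = triage(FLATTENED)
    for code, n in sorted(counts.items()):
        print("%-3s %2d  %s" % (code, n, SECTION_NAMES.get(code, "other")))
    for code, detail, notes in flagged:
        print("look at: %s - %s  [%s]" % (code, detail, "; ".join(notes)))
```

A note from this script only says where to look: a "(no file)" entry is a registry leftover whose target is gone, and "Unknown owner" is simply what the log prints for that service.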

lasse_hansen87 (author) Posted March 3, 2008
How do I bring up the Run window in Vista?? I use CCleaner, by the way... Good to hear that the logs were clean..

lasse_hansen87 (author) Posted March 3, 2008
Found it now... but I just get a message that it can't find combofix. I manually deleted the folder on the desktop and the log that was saved =O What do I do then??

snippsat Posted March 3, 2008 (edited)
Pressing Win + R should work. Paste in the text in bold:
combofix /u
And if you can restore the folder, do that. Otherwise, do this:
Control Panel -> System -> System Restore [turn off System Restore -> restart] -*- [turn System Restore back on]
Edited March 3, 2008 by SNIPPSAT

lasse_hansen87 (author) Posted March 3, 2008 (edited)
I've pasted it in, it doesn't work... I just get a message that it can't find combofix. I manually deleted the folder on the desktop and the log that was saved =O What do I do then?? The recycle bin has been emptied.. and I can't restore it. What happens if I do that, then? It sounded scary.. hehe
Edited March 3, 2008 by lasse958

lasse_hansen87 (author) Posted March 3, 2008
Can't I just delete the System Restore point then? Maybe I'm being stupid, but I can't find where to turn it off. hehe

lasse_hansen87 (author) Posted March 3, 2008
Then I figured it out, and now it's done.. One last thing: why does SUPERAntispyware suddenly take so long to start up at first?? It suddenly started doing that after I upgraded from version 3.9 to 4.0

snippsat Posted March 3, 2008 (edited)
Not sure how it is in Vista. But I have several tricks. Start -> Run. Paste in the text in bold:
%systemroot%\system32\restore\rstrui.exe
Then you can create a restore point for today. If you can't get this to work, don't think any more about it. Your PC was clean, so if you roll it back with System Restore, that's fine.
> why does SUPERAntispyware suddenly take so long to start up at first??
Heh, no idea.
Edited March 3, 2008 by SNIPPSAT

lasse_hansen87 (author) Posted March 3, 2008
But anyway, thanks a lot for all the help.. You were a BIG help!