[Solved] Removal of spyware/virus


I'm cleaning up a PC for an acquaintance. Could someone take the trouble to look through the logs for me?

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/14/2008 at 10:18 AM

 

Application Version : 3.8.1002

 

Core Rules Database Version : 3536

Trace Rules Database Version: 1525

 

Scan type : Complete Scan

Total Scan Time : 00:26:45

 

Memory items scanned : 194

Memory threats detected : 0

Registry items scanned : 5523

Registry threats detected : 35

File items scanned : 25330

File threats detected : 13

 

Trojan.Unclassified/BGRQFETX

HKLM\Software\Classes\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\InprocServer32

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\InprocServer32#ThreadingModel

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\ProgID

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\Programmable

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\TypeLib

HKCR\CLSID\{892B88A3-DC94-4A1F-A75A-9AA50061A683}\VersionIndependentProgID

C:\WINDOWS\BGRQFETX.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{892B88A3-DC94-4A1F-A75A-9AA50061A683}

HKCR\bgrqfetx.1

HKCR\bgrqfetx

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}\1.0

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}\1.0

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}\1.0\win32

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}\1.0\FLAGS

HKCR\TypeLib\{20E1148B-A9DB-4678-82AB-E3E72B0F2959}\1.0\HELPDIR

 

Trojan.Dropper/Gen-NV

HKLM\Software\Classes\CLSID\{D008184A-43B4-45BA-93A4-5ACC49CE4E9A}

HKCR\CLSID\{D008184A-43B4-45BA-93A4-5ACC49CE4E9A}

HKCR\CLSID\{D008184A-43B4-45BA-93A4-5ACC49CE4E9A}\InProcServer32

C:\WINDOWS\XOKVRPWG.DLL

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#xokvrpwg

 

Trojan.Net-MSV/VPS

HKLM\Software\Classes\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\InprocServer32

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\InprocServer32#ThreadingModel

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\ProgID

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\Programmable

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\TypeLib

HKCR\CLSID\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}\VersionIndependentProgID

C:\WINDOWS\WNLMDAKQLAG.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}

 

Desktop Hijacker.AboutYourPrivacy

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\images

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\privacy_danger

 

Trojan.Net-MU/Gen

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

 

Trojan.Dropper/Gen

C:\WINDOWS\EDLB.EXE

C:\WINDOWS\LNVEGAOW.EXE

 

Adware.Vundo-Variant/J

C:\WINDOWS\TFNSLOPK.DLL

 

Combofix

 

ComboFix 08-08-13.02 - Administrator 2008-08-14 11:45:18.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.336 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\X\Favoritter\Error Cleaner.url

C:\Documents and Settings\X\Favoritter\Privacy Protector.url

C:\Documents and Settings\X\Favoritter\Spyware&Malware Protection.url

C:\Documents and Settings\X\Skrivebord\Error Cleaner.url

C:\Documents and Settings\X\Skrivebord\Privacy Protector.url

C:\Documents and Settings\X\Skrivebord\Spyware&Malware Protection.url

C:\Programfiler\FunWebProducts

C:\Programfiler\FunWebProducts\ScreenSaver\Cache\08A8D7FA.swf

C:\Programfiler\FunWebProducts\ScreenSaver\Cache\files.ini

C:\Programfiler\FunWebProducts\ScreenSaver\Images\08A759A1.urr

C:\Programfiler\FunWebProducts\ScreenSaver\Images\08A8D532.urr

C:\Programfiler\FunWebProducts\ScreenSaver\Images\08A8EFB8.dat

C:\Programfiler\FunWebProducts\ScreenSaver\Images\wrkparam.lst

C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html

C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Programfiler\MyWebSearch

C:\Programfiler\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Programfiler\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Programfiler\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Programfiler\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Programfiler\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Programfiler\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Programfiler\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Programfiler\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Programfiler\MyWebSearch\bar\Cache\0366CC88.bin

C:\Programfiler\MyWebSearch\bar\Cache\0366DFDB.bin

C:\Programfiler\MyWebSearch\bar\Cache\0366E176.bin

C:\Programfiler\MyWebSearch\bar\Cache\0366E2E8.bin

C:\Programfiler\MyWebSearch\bar\Cache\08A75E99

C:\Programfiler\MyWebSearch\bar\Cache\08A76463

C:\Programfiler\MyWebSearch\bar\Cache\08A765E9.bin

C:\Programfiler\MyWebSearch\bar\Cache\08A76798.bin

C:\Programfiler\MyWebSearch\bar\Cache\08A7698D.bin

C:\Programfiler\MyWebSearch\bar\Cache\08A76B59.bin

C:\Programfiler\MyWebSearch\bar\Cache\0A23BC35

C:\Programfiler\MyWebSearch\bar\Cache\16758594.bin

C:\Programfiler\MyWebSearch\bar\Cache\1675874D.bin

C:\Programfiler\MyWebSearch\bar\Cache\16759468.bin

C:\Programfiler\MyWebSearch\bar\Cache\29761D01

C:\Programfiler\MyWebSearch\bar\Cache\files.ini

C:\Programfiler\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Programfiler\MyWebSearch\bar\Game\CHESS.F3S

C:\Programfiler\MyWebSearch\bar\Game\REVERSI.F3S

C:\Programfiler\MyWebSearch\bar\History\search2

C:\Programfiler\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Programfiler\MyWebSearch\bar\Settings\s_pid.dat

C:\Programfiler\MyWebSearch\bar\Settings\setting2.htm

C:\Programfiler\MyWebSearch\bar\Settings\settings.dat

C:\WINDOWS\system32\f3PSSavr.scr

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NSESVC

-------\Service_nsesvc

 

 

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))

.

 

2008-08-14 09:49 . 2008-08-14 09:49 <DIR> d-------- C:\Programfiler\Trend Micro

2008-08-14 09:49 . 2008-08-14 09:49 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-08-14 09:27 . 2008-08-14 09:27 <DIR> d-------- C:\Documents and Settings\X\.limewire

2008-08-14 09:25 . 2004-10-13 07:55 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2008-08-14 09:25 . 2004-10-12 15:17 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-08-14 09:25 . 2004-10-12 15:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-08-14 09:25 . 2008-08-14 11:44 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-08-14 09:25 . 2008-08-14 11:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-08-14 09:25 . 2004-10-13 09:05 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\toshiba

2008-08-14 09:25 . 2004-10-13 09:19 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec

2008-08-14 09:25 . 2004-10-13 08:09 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\AdobeUM

2008-08-14 09:25 . 2008-08-14 11:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-08-14 09:25 . 2004-10-13 13:12 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-08-14 09:25 . 2004-10-12 13:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-08-14 09:25 . 2004-10-12 15:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-08-14 09:25 . 2004-10-13 13:12 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-08-14 09:25 . 2004-10-12 15:17 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-08-14 09:25 . 2008-08-14 09:25 <DIR> d-------- C:\Documents and Settings\Administrator

2008-08-13 14:18 . 2008-08-14 09:12 <DIR> d-------- C:\Programfiler\PestPatrol

2008-08-13 14:17 . 2008-08-13 14:18 1,737 --a------ C:\WINDOWS\SetupPestPatrolCorporate.mif

2008-08-13 12:43 . 2008-08-14 11:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-13 12:43 . 2008-08-13 12:43 <DIR> d-------- C:\Documents and Settings\X\Programdata\SUPERAntiSpyware.com

2008-08-13 12:43 . 2008-08-13 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-13 12:38 . 2008-08-13 12:38 <DIR> dr-h----- C:\Documents and Settings\X\Siste

2008-08-13 12:29 . 2008-08-13 12:29 <DIR> d-------- C:\Programfiler\CCleaner

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-14 09:48 --------- d-----w C:\Programfiler\Norman

2008-08-14 07:29 --------- d-----w C:\Programfiler\Windows Live Toolbar

2008-08-14 07:28 --------- d-----w C:\Programfiler\Google

2008-08-14 06:59 5 ----a-w C:\NPF_USER.DAT

2008-08-13 10:43 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-07 07:19 --------- d-----w C:\Documents and Settings\X\Programdata\AdobeUM

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2005-11-16 15:31 35 ----a-w C:\Programfiler\SCSSDist.ini

2005-09-09 17:55 7,155,864 ----a-w C:\Programfiler\NGhost10.msi

2005-09-09 17:55 4,588,454 ----a-w C:\Programfiler\setup.exe

2005-09-09 17:55 37,766,164 ----a-w C:\Programfiler\Data1.cab

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12 1314816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tvs"="C:\Programfiler\TOSHIBA\Tv\TvsTray.exe" [2004-09-03 09:25 73728]

"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 14:07 122880]

"TosHKCW.exe"="C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07 49152]

"TOSHIBA Bildeforbedringsverktøy"="C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe" [2004-09-29 13:35 638976]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]

"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2004-03-30 14:44 118784]

"PadTouch"="C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe" [2004-06-29 18:04 1077326]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-23 10:33 7122944]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42 176128]

"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]

"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872]

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520]

"FastTVSync"="C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe" [2005-02-20 22:58 245760]

"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 16:30 3096576]

"PestPatrol Control Center"="C:\Programfiler\PestPatrol\PPControl.exe" [2004-11-15 11:49 98304]

"PPMemCheck"="C:\Programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 07:53 148480]

"CookiePatrol"="C:\Programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 09:35 73728]

"nwiz"="nwiz.exe" [2005-08-23 10:33 1519616 C:\WINDOWS\system32\nwiz.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-13 16:22:09 155648]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIM1"= PCLEPIM1.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^CD med tilleggsprogramvare.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\CD med tilleggsprogramvare.lnk

backup=C:\WINDOWS\pss\CD med tilleggsprogramvare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Pinnacle Scheduler.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Pinnacle Scheduler.lnk

backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^X^Start-meny^Programmer^Oppstart^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=C:\Documents and Settings\X\Start-meny\Programmer\Oppstart\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]

--a------ 2004-08-11 11:41 253952 C:\WINDOWS\system32\00THotkey.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-07 00:46 57344 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

-ra------ 2004-03-23 22:40 196608 C:\Programfiler\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2003-05-21 19:37 229437 C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-08-07 11:49 1836544 C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

--a------ 2005-01-20 16:45 1896448 C:\Garmin\gStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-10-23 20:51 233472 C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 12:24 49152 C:\Programfiler\Hewlett-Packard\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-07 16:55 267064 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2003-09-06 03:16 184320 C:\Programfiler\ltmoh\ltmoh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

--a------ 2005-06-07 00:46 57344 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

--a------ 2003-09-15 17:26 65536 C:\Programfiler\Toshiba\TOSCDSPD\TOSCDSPD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]

--a------ 2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2004-12-21 18:10 88358 C:\WINDOWS\agrsmmsg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]

--a------ 2003-08-25 11:36 73728 C:\WINDOWS\system32\TDispVol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]

-ra------ 2004-06-28 10:16 73728 C:\WINDOWS\system32\TFNF5.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

--a------ 2004-09-16 15:27 266240 C:\WINDOWS\system32\TPSMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 11:18]

R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 23:01]

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00]

S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys []

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-14 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-Error Safe - C:\Programfiler\Error Safe Free\ERS.exe

MSConfigStartUp-FinishOptions - C:\DOCUME~1\XLU~1\LOKALE~1\Temp\hpbinxst.exe

MSConfigStartUp-MsnMsgr - C:\Programfiler\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

MSConfigStartUp-SemanticInsight - C:\Programfiler\RXToolBar\Semantic Insight\SemanticInsight.exe

MSConfigStartUp-swg - C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-URLLSTCK - C:\Programfiler\Norton Internet Security\UrlLstCk.exe

MSConfigStartUp-Windows Registry Repair Pro - C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

MSConfigStartUp-TFncKy - TFncKy.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm070YYNO

O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-14 11:50:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Norman\Npm\Bin\elogsvc.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Toshiba\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Programfiler\Norman\npf\bin\Npfsvice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Norman\Npm\Bin\Njeeves.exe

C:\Programfiler\Toshiba\ConfigFree\NDSTray.exe

C:\Programfiler\Norman\NVC\bin\Nip.exe

C:\Programfiler\Norman\NVC\bin\CClaw.exe

C:\Programfiler\Norman\npf\bin\Npfmsg2.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\Programfiler\Norman\Npm\Bin\niu.exe

.

**************************************************************************

.

Completion time: 2008-08-14 11:56:59 - machine was rebooted [X]

ComboFix-quarantined-files.txt 2008-08-14 09:56:47

 

Pre-Run: 16,155,877,376 byte ledig

Post-Run: 16,078,368,768 byte ledig

 

299 --- E O F --- 2008-08-10 08:25:17

 

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:49:37, on 14.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll

O4 - HKLM\..\Run: [Tvs] C:\Programfiler\TOSHIBA\Tv\TvsTray.exe

O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TOSHIBA Bildeforbedringsverktøy] C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [FastTVSync] C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: xokvrpwg - {D008184A-43B4-45BA-93A4-5ACC49CE4E9A} - C:\WINDOWS\xokvrpwg.dll

O21 - SSODL: tfnslopk - {60C63A83-A887-470B-8741-614F9AC95B4D} - C:\WINDOWS\tfnslopk.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7586 bytes

 

 

Edited by Jyztrik

Start HijackThis

Select: Do a systemscan only

 

Put a check mark in the boxes in front of these lines:

O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O21 - SSODL: xokvrpwg - {D008184A-43B4-45BA-93A4-5ACC49CE4E9A} - C:\WINDOWS\xokvrpwg.dll

O21 - SSODL: tfnslopk - {60C63A83-A887-470B-8741-614F9AC95B4D} - C:\WINDOWS\tfnslopk.dll

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

 

 

Deretter avslutter du HijackThis, restarter maskinen, og lager en ny logg:

Start HijackThis

Velg: Do a systemscan, and save a logfile

 

Post denne loggen i din neste post. Fortell også hva som var problemet, og hvordan maskinen fungerer nå.

Lenke til kommentar

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:47, on 2008-08-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\TOSHIBA\Tv\TvsTray.exe

C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe

C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\PestPatrol\PPControl.exe

C:\Programfiler\PestPatrol\PPMemCheck.exe

C:\Programfiler\PestPatrol\CookiePatrol.exe

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Norman\Npf\BIN\npfmsg2.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Norman\npm\bin\niu.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Tvs] C:\Programfiler\TOSHIBA\Tv\TvsTray.exe

O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TOSHIBA Bildeforbedringsverktøy] C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [FastTVSync] C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm070YYNO

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - http://www.clubtropicana.no/grafikk/back.jpg

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 9185 bytes

 

 

 

It was various things. I couldn't enable Active Desktop, Task Manager was disabled, the Start menu was gone, and icons appeared on the desktop that came back even when they were deleted. Now I can't right-click on the desktop, and various error messages appear, e.g.:

Finner ikke file:///C:/WINDOWS/privacy_danger/index.htm Kontroller at banen eller Internett-adressen er riktig.

Link to comment

I see I was a bit imprecise and had you fix the wrong line :( Fortunately HijackThis has a backup system, so we will get this restored :)

 

Start HijackThis

Select "None of the above, just start the program"

Press "Config"

Press the "Backups" tab

Select the line O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll and press Restore

Start HijackThis

Select: Do a systemscan only

Tick the boxes in front of these lines (if you find them):

O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm070YYNO

O24 - Desktop Component 0: (no name) - http://www.clubtropicana.no/grafikk/back.jpg

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close all windows (other than HijackThis) and browsers (including the one you are reading this in), and press Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

Use Explorer to remove this one: C:\WINDOWS\privacy_danger\index.htm

Then close HijackThis, restart the machine, and make a new log:

Start HijackThis

Select: Do a systemscan, and save a logfile

Post this log in your next post. See whether it helped with the problem.

Link to comment

Didn't find C:\WINDOWS\privacy_danger\index.htm

Here comes a new log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:58, on 2008-08-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\TOSHIBA\Tv\TvsTray.exe

C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TDispVol.exe

C:\Programfiler\Norman\Npf\BIN\npfmsg2.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system320THotkey.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Garmin\gStart.exe

C:\Programfiler\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Tvs] C:\Programfiler\TOSHIBA\Tv\TvsTray.exe

O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TOSHIBA Bildeforbedringsverktøy] C:\Programfiler\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [FastTVSync] C:\Programfiler\Fellesfiler\InterVideo\FastTVSync\FastTVSync.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system320THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [sonic RecordNow!] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: CD med tilleggsprogramvare.lnk = D:\setup.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10423 bytes

 

 

Link to comment
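The check asked for in the posts above (fix the ticked lines, restart, save a new log and compare it with the old one) can be scripted. The following Python sketch is an added example, not part of the thread or of HijackThis; the function names are hypothetical, and the sample text is a few lines excerpted from the logs posted above.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalized key to the original line for every entry in a log.

    Header lines, the running-process list, blank lines and the footer do not
    match ENTRY_RE and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, body = match.groups()
            # Windows paths and registry names are case-insensitive, and forum
            # software may change spacing, so compare a folded form.
            key = (section, " ".join(body.split()).casefold())
            entries[key] = raw.strip()
    return entries


def remaining_targets(target_lines, after_log):
    """Return the lines ticked for 'Fix checked' that still appear afterwards."""
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(target_lines))
    return sorted(line for key, line in targets.items() if key in after)


def diff_logs(before_log, after_log):
    """Return (removed, added) entry lines between two scans of one machine."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


# Excerpts copied from the logs in this thread, shortened to a few lines each.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm070YYNO
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
"""

# Lines the helper asked to tick before pressing "Fix checked".
TARGETS = [
    r"O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2",
    r"O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm070YYNO",
    r"O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm",
]

if __name__ == "__main__":
    print("Still present after fix:", remaining_targets(TARGETS, AFTER) or "none")
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed:", *removed, sep="\n  ")
    print("New since last scan (review each one):", *added, sep="\n  ")
```

Entries that are new in the second scan are listed separately because a reboot can bring back startup items that were suppressed while the machine was infected, and each of those still needs a look.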

The logs look clean.

Are you still having problems with the machine? If not, you can do the following:

You should update Java

It is important to use the latest version of Java, since earlier versions may contain security holes that will increase the likelihood of you being infected again. It looks like your version of Java is outdated.

Updating Java:

  • Go to Start > Control Panel > Add/Remove Programs.
  • Look through the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.).
    All of these versions should have this image in front of them: javaicon.gif
    Select all that you find, and press Remove.
  • Then install the Java version that you downloaded at the start.

Tell me how the update went, since problems with updating can indicate more malware on your system.

Link to comment

Good.

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between the X and /u

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide System/Hidden files and folders, if necessary.
  • Reset the System Restore points.

You can uninstall HijackThis:

Start HijackThis and select None of the above, just start the program.

Then press Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. The program is now uninstalled.

 

 

If you consider the problem with your machine solved, you can change your topic title by pressing p_edit.gif in your first post and choosing full edit. At the top, where your topic title is, write:

[LØST]

in front of your topic title.

E.g.: [LØST] Got a virus on the machine

This will help keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-

Link to comment
