
Virus problem


Vippo


Could someone take pity on me? I have been chasing viruses for weeks now, but it seems they keep coming back or I keep missing them. I run Norman and, for some time now, Avast as well.

I have seen that several people post something called HijackThis, so I am taking a chance and pasting that in too. I am unfortunately hopelessly green at this sort of thing. I would be very grateful for help.

[log]Logfile of HijackThis v1.99.1

Scan saved at 8:00:27 PM, on 10/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.exe

c:\program\pinnacle\mediac~1\epgspo~2.exe

C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\NORMAN\bin\NJEEVES.EXE

C:\NORMAN\Npf\BIN\NPFSVICE.EXE

C:\NORMAN\Bin\Zanda.exe

C:\NORMAN\Nvc\bin\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\NORMAN\bin\ZLH.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Ahead\InCD\InCD.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Java\jre1.5.0_07\bin\jusched.exe

C:\NORMAN\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\bin\cclaw.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\NORMAN\Npf\BIN\npfmsg2.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\NORMAN\bin\ZLH.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\Ahead\InCD\InCD.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Java\jre1.5.0_07\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program\Messenger\msmsgs.exe

C:\NORMAN\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\bin\cclaw.exe

C:\NORMAN\Npf\BIN\npfmsg2.exe

C:\NORMAN\bin\niu.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rasmus\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PMCS] C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [PMCRemote] C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Startup: BitTorrent.lnk = C:\Program\BitTorrent\bittorrent.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Parbet Poker - {47C7E27E-BD99-48d1-8D09-C7BD4981602A} - C:\Program\parbetMPP\MPPoker.exe

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program\nordicbetMPP\MPPoker.exe

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127173042937

O17 - HKLM\System\CCS\Services\Tcpip\..\{44B6A787-1ABE-4D24-A57E-DE248A6F8B16}: NameServer = 192.168.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\program\pinnacle\mediac~1\epgspo~2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

[/log]

 

 


Nothing shows up in the HijackThis log, but not everything shows up there.

Which program finds something now and then?

What is found: file name, folder and the name of the nasty?

It is inadvisable to have two active antivirus programs on the computer; it can lead to a sluggish computer and other strange problems.

 


Thanks for the reply.

After my post yesterday I ran two online virus scanners, and they did not find anything either.

The thing I had trouble with for a long time was called startpage-210 (trojan), if I remember correctly. I possibly managed to get rid of it with Avast (which found it several times in different places).

However, the computer has been acting up quite a bit since then: it freezes at startup, error messages from Norman, etc. Could that be due to the two antivirus programs?

I would like to remove Norman, but I want to keep its firewall (the only one I have), and I have not managed to figure out how to remove the antivirus program separately?

 


> However, the computer has been acting up quite a bit since then: it freezes at startup, error messages from Norman, etc. Could that be due to the two antivirus programs?

Yes, maybe.

> I would like to remove Norman, but I want to keep its firewall (the only one I have), and I have not managed to figure out how to remove the antivirus program separately?

That is probably not possible; you could instead install another firewall, e.g. a free one from ZoneLabs: http://www.zonelabs.com/store/content/home.jsp

 

 


Archived

This topic is now archived and is closed to further replies.