AndersAu
Posts written by AndersAu
-
-
Checked the CPU, and it was a little over 50 degrees. I don't know if there is a temperature sensor on the graphics card; at least I don't know how to check it. Maybe some third-party software?
-
Removed some dust from under the graphics card fan and the CPU fan, but it still happens. Could it be that the power supply is getting hot? It is a bit harder to remove dust from there, since it requires me to unscrew it.
-
When I play games, the PC restarts itself. The time it takes before it shuts off varies. Before it shuts off, the screen turns blue for a second before it reboots. This has been going on for quite a while, and I formatted it recently but that didn't help. Does anyone know what could be wrong?
Specs:
Radeon 9800 Pro (flashed to XT)
1 GB RAM
AMD Athlon 2800 XP
nForce 2 motherboard
-
My PC could use a format, but I have no CD-ROM drive. I have an image of Windows XP on the PC. Is there a way to install Windows without a CD-ROM?
-
Hmm... the defragmentation finished after a little over half an hour, but it said that some files on the HD could not be defragmented. I seem to remember that defragmentation used to take several hours.
I have run error checking on C:, but it doesn't seem to find any errors.
-
Hmm, that's what I thought too, yes.
-
I'm probably pretty much exactly at the minimum requirements for both graphics and memory. I'm unsure whether the CPU is good enough.
Specs:
Radeon 9800 XT
1 GB RAM
AMD Athlon XP 2800 (I'm unsure whether this is even within the minimum system requirements, since the requirements are only given for Intel processors)
But even if I'm at the minimum requirements, the frame rate will probably average around 10 fps.
Has anyone tried AOC with a PC as poor as mine?
-
Yes, I managed to delete Web_Rebates, and the temp folder was empty. Restarted the PC and it started as fast as if it were new.
Thank you so much for the help, norbat!
OK, it seems I celebrated a bit too early. It restarted quite fast a little while ago, but when I turned the computer off and turned it on again 5 minutes later, it was just as slow again. It took over 3 minutes from when the desktop appeared until it was usable... But it seems all viruses and spyware are gone, and I have removed all unnecessary startup programs. So maybe a defragmentation is what's needed?
-
I have run CCleaner; here is the log from ComboFix.
ComboFix 08-05-21.3 - oyvind.aukrust 2008-05-23 22:19:33.2 - NTFSx86
Running from: C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Skrivebord\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-23 22:16 . 2008-05-23 22:16 <DIR> dr-h----- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Siste
2008-05-23 19:12 . 2008-05-23 19:21 <DIR> d-------- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\wsInspector
2008-05-23 19:02 . 2008-05-23 19:03 <DIR> d-------- C:\Programfiler\Startup Inspector for Windows
2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\SUPERAntiSpyware.com
2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-23 13:49 . 2008-05-23 13:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-23 12:12 . 2008-05-23 12:12 <DIR> d-------- C:\Programfiler\CCleaner
2008-05-23 11:56 . 2008-05-23 11:56 <DIR> d-------- C:\Programfiler\Trend Micro
2008-05-11 13:20 . 2008-05-11 13:20 <DIR> d-------- C:\Programfiler\Sun
2008-05-11 13:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-11 13:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-11 13:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-11 12:43 . 2008-05-11 12:45 <DIR> d-------- C:\Programfiler\Windows Live
2008-05-11 12:43 . 2008-05-11 12:44 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-05-11 12:42 . 2008-05-11 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 15:25 --------- d-----w C:\Programfiler\Fellesfiler\Autodesk Shared
2008-05-23 15:25 --------- d-----w C:\Programfiler\AutoCAD 2002
2008-05-23 11:36 --------- d-----w C:\Programfiler\Google
2008-05-23 10:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-11 11:19 --------- d-----w C:\Programfiler\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2001-10-05 09:53 21,866 -c--a-w C:\Programfiler\Fellesfiler\tppupd2k.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_16.57.27,48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 13:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 20:05:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-05-21 23:00:00 22,016 --s-a-w C:\WINDOWS\system32\borlndmm.dll
+ 2004-07-10 16:55:38 252,416 ----a-w C:\WINDOWS\system32\wsiShared.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
"GhostStartTrayApp"="C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]
"TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" [2001-10-05 11:54 118784]
"PE2CKFNT SE"="C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programfiler\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
R1 GhPciScan;GhostPciScanner;C:\Programfiler\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 eugss;EUTRON SmartKey GSS2 Driver;C:\WINDOWS\system32\Drivers\eugssxp.sys [2005-06-14 10:45]
R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1995-11-07 08:00]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 efipsk;efipsk;C:\DOCUME~1\OYVIND~1.YNV\LOKALE~1\Temp\efipsk.sys []
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2005-06-14 10:45]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-10-05 11:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73925f44-717e-11dc-9a61-000423707175}]
\Shell\AutoRun\command - F:\Installer.exe
.
Contents of the 'Scheduled Tasks' folder
"2005-02-04 22:37:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1097530549.job"
- C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 22:24:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 22:27:59
ComboFix-quarantined-files.txt 2008-05-23 20:27:43
ComboFix2.txt 2008-05-23 14:58:07
Pre-Run: 14,173,118,464 byte ledig
Post-Run: 14,159,982,592 byte ledig
127 --- E O F --- 2008-05-17 15:01:37
-
1)
Diagnose: "Reklame: WebRebates.AP"
Plassering: "C:\Programfiler\Web_Rebates\Sy1150\Html\scri1150a.htm"
2)
Diagnose: "Trojaner: Malware.CMJR"
Plassering: "C:\temp\SearchRelevancy.exe"
I put both in quarantine.
-
It still thinks a lot at startup, but it runs better once it has started up? Maybe it has something to do with the fact that Norman Virus Control found 4 viruses, including trojans etc. It said that they could not be quarantined. What can I do about them?
There is also another user on this PC; do I then have to remove spyware from that one as well?
-
Should the PC be running in safe mode?
-
New HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:50, on 23.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.start.no
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
--
End of file - 7885 bytes
-
All the logs are now in the post above.
-
I have now run SAS; it had about 260 infections. I didn't get any option to delete them completely; I think they were just put in quarantine. When I open ComboFix I get a warning that 1 in 100 doesn't make it through the test. Is it safe to run it anyway?
Here is the new HijackThis log, at any rate:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:07, on 23.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.start.no
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no
O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
Edit: and here is the SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/23/2008 at 03:43 PM
Application Version : 4.1.1046
Core Rules Database Version : 3467
Trace Rules Database Version: 1458
Scan type : Complete Scan
Total Scan Time : 01:30:44
Memory items scanned : 150
Memory threats detected : 0
Registry items scanned : 6172
Registry threats detected : 203
File items scanned : 23508
File threats detected : 48
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind#UninstallString
C:\Programfiler\SideFind\sfexd001
C:\Programfiler\SideFind\update
C:\Programfiler\SideFind
BHObj Class BHO
HKLM\Software\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID
C:\WINDOWS\WSEM303.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
Adware.IST/ISTBar (Slotch Bar)
HKLM\Software\ISTsvc
HKLM\Software\ISTsvc#version
HKLM\Software\ISTsvc#app_name
HKLM\Software\ISTsvc#popup_url
HKLM\Software\ISTsvc#update_url
HKLM\Software\ISTsvc#config_url
HKLM\Software\ISTsvc#popup_initial_delay
HKLM\Software\ISTsvc#popup_count
HKLM\Software\ISTsvc#update_count
HKLM\Software\ISTsvc#update_version
HKLM\Software\ISTsvc#config_count
HKLM\Software\ISTsvc#account_id
HKLM\Software\ISTsvc#app_date
HKLM\Software\ISTsvc#popup_interval
HKLM\Software\ISTsvc#popup_last
HKLM\Software\ISTsvc#update_interval
HKLM\Software\ISTsvc#update_last
HKLM\Software\ISTsvc#config_interval
HKLM\Software\ISTsvc#config_last
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#NoModify
C:\Programfiler\ISTsvc
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]
Adware.Avenue Media/Internet Optimizer
HKCR\DyFuCA_BH.BHObj
HKCR\DyFuCA_BH.BHObj\CLSID
HKCR\DyFuCA_BH.BHObj\CurVer
HKCR\DyFuCA_BH.BHObj.1
HKCR\DyFuCA_BH.BHObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment
HKLM\Software\Avenue Media
HKLM\Software\Avenue Media\Internet Optimizer
HKLM\Software\Avenue Media\Internet Optimizer#TargetDir
HKLM\Software\Avenue Media\Internet Optimizer#CLS
HKLM\Software\Avenue Media\Internet Optimizer#RID
HKLM\Software\Avenue Media\Internet Optimizer#Version
HKLM\Software\Avenue Media\Internet Optimizer#TAC
HKLM\Software\Avenue Media\Internet Optimizer#ServerVisited
HKLM\Software\Avenue Media\Internet Optimizer#UpdateInterval
HKLM\Software\Avenue Media\Internet Optimizer#ID
HKLM\Software\Avenue Media\Internet Optimizer#InstallT
HKLM\Software\Avenue Media\Internet Optimizer#remember[LLT]
HKLM\Software\Avenue Media\Internet Optimizer#Conn
HKLM\Software\Avenue Media\Internet Optimizer#PendingRemoval
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Version
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Target
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#RawData
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Data
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Version
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#RawData
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Data
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Version
HKLM\Software\Avenue Media\Internet Optimizer\WSE
HKLM\Software\Avenue Media\Internet Optimizer\WSE#Version
HKLM\Software\Avenue Media\Internet Optimizer\WSE#Options
HKLM\Software\Avenue Media\Internet Optimizer\WSE#ModuleFileName
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#RawData
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#Data
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#Version
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#RawData
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Data
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKLM\SOFTWARE\Policies\Avenue Media
Adware.Tracking Cookie
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@valueclick[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@tribalfusion[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@mediaplex[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@2o7[2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@realmedia[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@tradedoubler[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@advertising[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@imrworldwide[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@maxserving[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@overture[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@indextools[2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@doubleclick[2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@hitbox[2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@statcounter[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@atdmt[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@adtech[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@apmebf[2].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@indexstats[1].txt
C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt
statse.webtrendslive.com [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
track.adform.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
track.adform.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
e2.emediate.se [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
e2.emediate.se [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
ad.zanox.com [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
.telenorstartsiden.112.2o7.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]
C:\Documents and Settings\ynvsadm.NTVGS\Cookies\ynvsadm@adtech[1].txt
C:\Documents and Settings\ynvsadm.NTVGS\Cookies\ynvsadm@2o7[1].txt
Here is the ComboFix log
-
OK, it's my dad's work PC, so I don't want to do anything wrong with it.
-
OK, but regarding SAS, can I delete infections that are located in Windows files, system32 and so on? I have had problems before with deleting files that are important for Windows to run properly.
-
Lately my PC has become slow. I ran a scan with HijackThis, and here is the log:
-
I got this to work, but it said there was no driver for that computer. Now the last keys of the alphabet don't work, among other things?
-
Yes.
Drivers for FSC here: http://support.fujitsu-siemens.com/com/sup.../downloads.html
but I get the response that the Windows CD was not bootable. I think this has something to do with it not being the original CD that came with the PC?
-
I have a Fujitsu Siemens laptop, but it is in such bad shape that I am going to format it. However, I don't have the Windows CD that came with the PC, which also has the drivers and so on. Can I format it with just my ordinary Windows XP CD, and then find drivers for the graphics card etc. online?
-
I have a presentation at school about the Korean War tomorrow. I have read around a bit online, but I can't quite figure out what the main reason was that war broke out?
-
Can anyone give me an idea of how much this machine is worth?
It has:
Case: Don't remember what it's called.. cost me around 600
HDD: 1x Samsung 320 GB, 1x 160 Maxtor
RAM: 2x 512 MB DDR
CPU: AMD Burton XP2800+
Motherboard: Nvidia nForce 2
No CD-ROM (had one, but it is defective)
3.5-inch floppy drive
Graphics card: Radeon 9800 Pro (flashed to XT, with a better cooling fan)
Monitor: Medion 19-inch CRT
TV-in card (PCI): don't remember the brand, I think it's called Pinacle (cost around 400 on QXL, 3 years ago)
WLAN card (PCI): don't remember the brand, but it cost approx. 500 three years ago
I would guess around 2000 kr.
The machine shuts down in games
in The machine doesn't work
OK, I'll test it later today!