Aafloey, posted March 27, 2008: Does anyone know why, when I click into My Computer, that flashlight comes up and it takes maybe 1 minute or more before the contents are shown? Has my hard disk given up? I have tried lots of scandisk, spyware programs, etc., but nothing fixes this problem...?
fredrick4, posted March 27, 2008: No, I don't know why. But if I were you, I would have restarted the whole PC.
snippsat, posted March 27, 2008: HD Tune: check the performance, scan for errors. I can see whether you have any junk. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 for hidden text). Test: boot, tap F8, choose safe mode. Is it the same there?
Quote: "...were you, I would have restarted the whole PC"
Heh, let's hope he has restarted the PC, or was it a reinstall you meant?
(Edited March 27, 2008 by SNIPPSAT)
fenderebest, posted March 27, 2008: You can also use a program called Process Explorer to troubleshoot performance problems. You will find instructions on how to use it in my guide above. Check, for example, that there is enough RAM so that excessive paging is avoided. You can also use Diskmon to take a closer look at what your hard disk is working on during all this time. (Edited March 27, 2008 by fenderebest)
Aafloey (thread author), posted March 27, 2008: OK, I ran both tests with HD Tune. It found no problems, and I am attaching a screenshot of the benchmark test. And the PC behaves completely healthy when I run safe mode. Then it worked as it should. Here is the log from HijackThis: (Edited March 27, 2008 by Aafloey)
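Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage of a HijackThis v2 log of the kind requested above, which parses the section-coded entries (also when a forum has flattened the log onto one line) and marks a few entries a helper would look at first. The review rules and the sample log are assumptions constructed for illustration; a note means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Meaning of the HijackThis section codes handled here (subset).
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O9": "IE extra button/menu item",
    "O16": "ActiveX (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "NT service",
}

# An entry starts with a code such as "O2 - " or "R0 - ". Splitting on
# whitespace that precedes such a code also recovers entries from a log
# that was pasted as one long line.
SPLIT_RE = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$", re.S)


@dataclass
class Entry:
    code: str
    body: str
    notes: list = field(default_factory=list)


def parse(log_text):
    """Return the section-coded entries; header and process list are skipped."""
    text = log_text.split("-- End of file", 1)[0]
    entries = []
    for chunk in SPLIT_RE.split(text):
        m = ENTRY_RE.match(chunk.strip())
        if m:
            # Normalise internal whitespace so both layouts compare equal.
            entries.append(Entry(m["code"], " ".join(m["body"].split())))
    return entries


def triage(entries):
    """Attach review notes (illustrative heuristics) and return flagged entries."""
    for e in entries:
        if e.body.endswith("(no file)"):
            e.notes.append("registered file is missing (orphaned entry)")
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            if e.body.split(":", 1)[1].strip():
                e.notes.append("AppInit_DLLs is set: the listed DLL is loaded "
                               "into every process that loads user32.dll")
        if e.code == "O23" and " - Unknown owner - " in e.body:
            e.notes.append("HijackThis could not read a company name "
                           "for the service binary")
    return [e for e in entries if e.notes]


def describe(e):
    label = SECTIONS.get(e.code, "other")
    return f"{e.code} [{label}] {e.body} -> {'; '.join(e.notes)}"


# Constructed sample log: names, CLSIDs and paths are placeholders.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ExampleAV\avsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - AppInit_DLLs: example.dll
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Program Files\Example\svc.exe
O23 - Service: Example AV (avsvc) - Example Corp - C:\Program Files\ExampleAV\avsvc.exe
-- End of file - 000 bytes
"""

if __name__ == "__main__":
    for entry in triage(parse(SAMPLE_LOG)):
        print(describe(entry))
```
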
fredrick4, posted March 27, 2008:
Quote: "HD Tune: check the performance, scan for errors. I can see whether you have any junk. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 for hidden text). Test: boot, tap F8, choose safe mode. Is it the same there? [...] Heh, let's hope he has restarted the PC, or was it a reinstall you meant?"
I meant reinstall, yes xD
JKJK, posted March 27, 2008: Do you have network drives mounted? If so, these may be what is causing the trouble.
snippsat, posted March 27, 2008: You have some junk. Download, update and run a full scan with SAS free. Post the log from SAS (preferences->statistics/logs). Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Sewero, posted March 27, 2008: Try defragmenting the disk and the like.
Aafloey (thread author), posted March 27, 2008:
Quote: "Do you have network drives mounted? If so, these may be what is causing the trouble."
What do you mean by that? I defragmented recently, yesterday in fact. It didn't help. And that Combofix link doesn't seem to work... (Edited March 27, 2008 by Aafloey)
snippsat, posted March 27, 2008: Does the link not work for you? Or can you not get Combofix started? Disable antivirus. (Edited March 27, 2008 by SNIPPSAT)
Aafloey (thread author), posted March 27, 2008: I click on it in Firefox, but I never get the yes button to save the file... Got it to work. (Edited March 27, 2008 by Aafloey)
snippsat, posted March 27, 2008: Can you get it with IE?
snippsat, posted March 27, 2008: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Aafloey (thread author), posted March 27, 2008: Okay, here is the log from Combofix:

And here is the one from the spyware program:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/27/2008 at 10:08 PM
Application Version : 4.0.1154
Core Rules Database Version : 3426
Trace Rules Database Version: 1418
Scan type : Complete Scan
Total Scan Time : 00:30:41
Memory items scanned : 606
Memory threats detected : 0
Registry items scanned : 5862
Registry threats detected : 0
File items scanned : 20670
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Marius H.Aa\Cookies\marius [email protected][1].txt
snippsat Posted 27 March 2008

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log c:\combofix

File::
C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

Download and run CCleaner. Go to 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files that are older than 48 hours". Run the registry cleaner and answer yes to repairing.

Restart and post a new HijackThis log.
Aafloey (Author) Posted 27 March 2008 (edited)

This is the new log from ComboFix:

ComboFix 08-03-26.3 - Marius H.Aa 2008-03-28 0:17:30.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2433 [GMT 1:00] Running from: C:\Documents and Settings\Marius H.Aa\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Marius H.Aa\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe . -- Script messages for sUBs -- Findstr -MIF:/ sursen ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe . ((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))) . 2008-03-28 00:05 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-03-27 21:35 . 2008-03-28 00:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\Marius H.Aa\Programdata\SUPERAntiSpyware.com 2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-03-27 20:46 . 2008-03-27 20:46 <DIR> d-------- C:\Programfiler\Trend Micro 2008-03-27 17:26 . 2008-03-27 17:26 <DIR> d-------- C:\Programfiler\HD Tune 2008-03-27 14:12 . 2008-03-27 14:17 <DIR> d-------- C:\Programfiler\Wise Disk Cleaner 2008-03-27 14:06 . 2008-03-27 14:09 <DIR> d-------- C:\Programfiler\Wise Registry Cleaner 3 2008-03-25 16:07 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll 2008-03-25 16:07 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-03-25 16:07 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-03-25 16:07 .
2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll 2008-03-25 15:51 . 2008-03-25 15:51 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-03-24 17:16 . 2001-01-09 19:09 12,285 --a------ C:\WINDOWS\Cadx3.ini 2008-03-24 17:16 . 2003-02-14 03:20 6,942 --a------ C:\WINDOWS\cadx2.ini 2008-03-24 17:10 . 2008-03-24 17:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-03-16 14:55 . 2008-03-16 14:55 <DIR> d-------- C:\Programfiler\strings 2008-03-16 14:55 . 2007-06-28 13:54 192,512 --a------ C:\Programfiler\dict.exe 2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\list 2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\language 2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\info 2008-03-16 14:54 . 2008-03-16 14:55 <DIR> d-------- C:\Programfiler\icons 2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\charset 2008-03-10 16:30 . 2008-03-10 16:30 <DIR> d-------- C:\Documents and Settings\Marius H.Aa\Programdata\Hei! 2008-03-05 16:11 . 2008-03-28 00:17 <DIR> dr-h----- C:\Documents and Settings\Marius H.Aa\Siste 2008-02-28 21:34 . 2008-02-28 21:34 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-02-28 21:34 . 2008-02-28 21:34 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-02-28 21:33 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-02-28 21:33 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-02-28 21:33 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-02-28 21:32 . 2008-02-28 21:32 <DIR> d-------- C:\Programfiler\Futuremark . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-27 23:05 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-03-27 23:05 --------- d-----w C:\Programfiler\Fellesfiler\Logitech 2008-03-27 23:05 --------- d-----w C:\Programfiler\Fellesfiler\Logishrd 2008-03-27 20:35 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-27 15:47 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-03-27 15:34 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\uTorrent 2008-03-27 13:17 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\Vso 2008-03-25 14:51 --------- d-----w C:\Programfiler\Logitech 2008-03-24 11:18 --------- d-----w C:\Programfiler\Java 2008-03-22 21:16 --------- d-s---w C:\Programfiler\HLSW 2008-03-16 22:36 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\OpenOffice.org2 2008-03-16 13:55 237 ----a-w C:\Programfiler\dict.ini 2008-02-26 20:32 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared 2008-02-26 16:07 --------- d-----w C:\Programfiler\Rainlendar2 2008-02-26 15:51 --------- d-----w C:\Programfiler\muvee Technologies 2008-02-22 20:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink 2008-02-22 18:16 --------- d-----w C:\Programfiler\SmartFTP Client 2008-02-22 18:15 --------- d-----w C:\Programfiler\SmartFTP Client 2.5 Setup Files 2008-02-18 15:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-18 14:47 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-02-14 16:59 --------- d-----w C:\Programfiler\NVIDIA Corporation 2008-02-14 16:57 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application 2008-02-13 21:07 --------- d-----w C:\Programfiler\DivX 2008-02-13 16:01 --------- d-----w C:\Programfiler\Razer 2008-02-10 22:08 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\PE Explorer 2008-02-04 16:54 --------- d-----w C:\Programfiler\Teamspeak2_RC2 
2008-02-04 16:54 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\teamspeak2 2008-01-31 20:46 --------- d-----w C:\Programfiler\ZD Soft 2008-01-29 23:51 --------- d-----w C:\Programfiler\SpywareBlaster 2008-01-29 23:50 --------- d-----w C:\Programfiler\Red Kawa 2008-01-29 23:45 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\Lavasoft 2008-01-29 23:37 --------- d-----w C:\Programfiler\Bonjour 2008-01-29 23:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-29 22:30 --------- d-----w C:\Programfiler\PowerISO 2008-01-29 03:20 2,177,576 ----a-w C:\WINDOWS\TBPanel.exe 2008-01-25 19:03 3 ----a-w C:\WINDOWS\Fonts\dxva_sig.txt 2008-01-09 02:11 360,448 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-01-09 00:53 360,448 ----a-w C:\WINDOWS\system32\nvudisp.exe 2008-01-01 13:49 151,478 ----a-w C:\Programfiler\dict.hlp 2007-11-19 22:25 22,328 -c--a-w C:\Documents and Settings\Marius H.Aa\Programdata\PnkBstrK.sys 2007-05-26 09:15 110,454 ----a-w C:\Programfiler\logo.bmp 2007-02-16 19:24 47,360 -c--a-w C:\Documents and Settings\Marius H.Aa\Programdata\pcouffin.sys 2001-10-28 14:27 182,784 ----a-w C:\Programfiler\dict.avi 2001-10-27 17:50 32 ----a-w C:\Programfiler\language.ini 1998-05-15 19:01 8,562 ----a-w C:\Programfiler\right.wav 1998-05-15 19:01 7,754 ----a-w C:\Programfiler\wrong.wav 1996-12-16 23:00 1,758 ----a-w C:\Programfiler\skipped.wav . ((((((((((((((((((((((((((((( snapshot@2008-03-27_23.48.18.43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-27 23:05:59 10,134 ----a-r C:\WINDOWS\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe + 2008-03-27 23:07:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2c8.dat + 2008-03-27 23:07:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-29 04:20 2177576] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 10:49 49152] "D-Link D-Link Wireless N DWA-140"="C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 17:29 1388544] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "Easy Synchronization"="C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "Bluetooth Connection Assistant"="LBTWIZ.exe" [] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 16844800 C:\WINDOWS\RTHDCPL.exe] "DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213] Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 16:07:42 67128] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-03-25 16:07:06 784912] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Programfiler\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Photosmart Premier Hurtigstart.lnk] backup=C:\WINDOWS\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk] backup=C:\WINDOWS\pss\Logitech 
SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^SpyCatcher Protector.lnk] backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-07-12 12:23 6731312 C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a--c--- 2007-03-11 20:34 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\uTorrent\\utorrent.exe"= "C:\\Programfiler\\Steam\\steamapps\\marius_2004\\half-life 2 deathmatch\\hl2.exe"= "C:\\Programfiler\\Steam\\steamapps\\marius_2004\\counter-strike source\\hl2.exe"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\marius_2004\\half-life 2 deathmatch\\hl2.exe"= "C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\HLSW\\hlsw.exe"= "C:\\Programfiler\\Java\\jre1.6.0_01\\launch4j-tmp\\RKMediaCenter.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"= "C:\\Programfiler\\TVersity\\Media Server\\TVersity.exe"= "C:\\Programfiler\\TVersity\\Media Server\\MediaServer.exe"= "C:\\Programfiler\\Valve\\Steam\\steam.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= 
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\marius_2004\\team fortress 2\\hl2.exe"= "C:\\Programfiler\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"= "C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17493:TCP"= 17493:TCP:BitComet 17493 TCP "17493:UDP"= 17493:UDP:BitComet 17493 UDP R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56] R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32] R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 11:35] S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 18:10] S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-03-03 19:47] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 *Newly Created Service* - CATCHME . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 00:20:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-28 0:22:06 ComboFix-quarantined-files.txt 2008-03-27 23:21:40 ComboFix2.txt 2008-03-27 22:48:31 Pre-Run: 95,519,969,280 byte ledig Post-Run: 95,500,627,968 byte ledig

And the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:30:31, on 28.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\TVersity\Media Server\MediaServer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\TBPanel.exe C:\WINDOWS\Logi_MwX.Exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Razer\DeathAdder\razerhid.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Razer\DeathAdder\razertra.exe C:\Programfiler\Razer\DeathAdder\razerofa.exe C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - 
{053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file) O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file) O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Send til &Bluetooth-enhet... 
- C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://C:\Programfiler\OpenCube\Visual Infinite Menus\comdlg32.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: 
!SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe -- End of file - 11203 bytes

Edited 27 March 2008 by Aafloey
snippsat Posted 27 March 2008

Run only HJT. Start HijackThis, click "Scan", find these lines, check them, then press "Fix checked".

O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Restart and post a new HijackThis log.
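Added example, not part of the thread and not HijackThis code: a Python check of the clean-up step in the post above. It parses a scan taken before and one taken after "Fix checked", lists entries whose target HijackThis reports as (no file), and shows which entries disappeared and whether anything new appeared. The two sample logs are excerpts of the logs posted in this thread, laid out one entry per line (an assumption about the saved log file); all function names are made up for the example.

```python
import re

# A HijackThis entry starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKER = "(no file)"  # the marker seen in this thread's logs

# Excerpt of the 00:30:31 log posted in the thread (before the fix).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:31, on 28.03.2008
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
"""

# Excerpt of the 00:44:55 log posted in the thread (after the fix).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:55, on 28.03.2008
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
"""


def parse_entries(log_text):
    """Return entries as (section, body) tuples in log order.

    Header lines and the running-process list do not match the
    'code - text' shape and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries whose registered file is reported missing, as (section, CLSID)."""
    found = []
    for section, body in entries:
        if body.endswith(ORPHAN_MARKER):
            clsid = CLSID_RE.search(body)
            found.append((section, clsid.group(0).upper() if clsid else None))
    return found


def compare(before, after):
    """Return (removed, added): entries only in the first scan, only in the second."""
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    after = parse_entries(AFTER_LOG)
    print("orphaned before fix:", orphaned(before))
    print("orphaned after fix: ", orphaned(after))
    removed, added = compare(before, after)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("NEW since last scan:", section, "-", body)
```

An entry that shows up under "NEW since last scan" after a clean-up is the one to look at first, since nothing should have been registered between the two scans.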
Aafloey (Author) Posted 27 March 2008

Okay, new log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:44:55, on 28.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\TVersity\Media Server\MediaServer.exe C:\WINDOWS\TBPanel.exe C:\WINDOWS\Logi_MwX.Exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Razer\DeathAdder\razerhid.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Razer\DeathAdder\razertra.exe
C:\Programfiler\Razer\DeathAdder\razerofa.exe C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: 
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://C:\Programfiler\OpenCube\Visual Infinite Menus\comdlg32.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe -- End of file - 10888 bytes Lenke til kommentar
snippsat, posted 27 March 2008

Yes, now the log is completely clean of viruses and spyware. See whether it runs faster. Now I would like to clean up a bit more; you have a lot of spyware software running. If it is still slow, some cleanup will probably be needed. Let us know how it goes.
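An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over a log in this format, showing which HijackThis sections each resident security tool is hooked into and which entries a helper would check by hand. The sample lines are copied from the log above; the product keyword list and the function names are assumptions made for this example.

```python
import re
# Seven entries copied from the log posted above, one entry per line.
SAMPLE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
RUN_VALUE = re.compile(r"^HK\S+: \[(.+?)\] (.+)$")
# Assumed keyword list for this example, taken from names that appear in the log.
PRODUCTS = {
    "avast!": ("avast", "alwil"),
    "AVG Anti-Spyware": ("grisoft",),
    "Spybot-S&D": ("spybot",),
    "SUPERAntiSpyware": ("superantispyware",),
}

def parse(log):
    """Return (section, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def security_products(entries):
    """Map each listed product to the set of sections it appears in."""
    found = {}
    for section, body in entries:
        for name, keys in PRODUCTS.items():
            if any(k in body.lower() for k in keys):
                found.setdefault(name, set()).add(section)
    return found

def needs_review(entries):
    """Entries to check by hand before calling a log clean."""
    out = []
    for section, body in entries:
        run = RUN_VALUE.match(body) if section == "O4" else None
        # Autorun command with no drive-letter path: resolved via the search path.
        if run and not re.match(r'^"?[A-Za-z]:\\', run.group(2)):
            out.append((section, run.group(1), "no full path"))
        # Service line where the log prints 'Unknown owner' as the vendor.
        if section == "O23" and " - Unknown owner - " in body:
            out.append((section, body.split(" - ")[0], "unknown owner"))
    return out

print(security_products(parse(SAMPLE)), needs_review(parse(SAMPLE)))
```

An entry returned by `needs_review` is a prompt to verify the file on disk, not a finding; the Run values, the BHO, the Winlogon Notify DLL and the services are all persistence points that load at boot or logon.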