
PC freezes, but the antivirus program finds nothing



Hello!

I have a fairly new laptop, an HP Pavilion dv9000, which has worked brilliantly for the past few months. But a couple of days ago the problems started; everything I did on the PC was apparently "too much", so it froze, and I had to hold down the power button to restart it. After this had happened a couple of times, some kind of Windows check began to appear before the PC booted (which apparently started when Windows could not start because of problems).

I thought it was a virus or some other kind of nastiness, so I checked the PC with Norton AntiVirus and Spybot (the latter helped me when I had some virus problems last time), but neither program found anything, and then the one computer-savvy friend I have couldn't help me either...

The problems are triggered very easily; it can happen just from pressing the "back" button in Internet Explorer, or mostly when I play music (God forbid I start a song in WMP). Otherwise it sounds as if the PC is working hard more or less all the time, and when it does freeze, all that comes out are a few pitiful hiccups...

Has anyone had the same problems, or does anyone have any ideas about what I can do?

Thanks for any replies!


Thanks for the replies :)

I ran HijackThis, and this is the log I got:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:40:03, on 03.04.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\System32\cleanmgr.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O18 - Protocol: bw+0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 22977 bytes

 

Cri: I checked what was using by far the most memory, but it was mostly MSN, Internet Explorer and similar programs...


Here is the log from ComboFix:

ComboFix 08-04-07.5 - Eivind 2008-04-08 19:04:14.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1287 [GMT 2:00]

Running from: C:\Users\Eivind\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Helper

 

.

((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-08 17:06 13,072 ----a-w C:\Users\Eivind\AppData\Roaming\nvModes.dat

2008-04-06 14:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\LimeWire

2008-04-05 13:05 --------- d-----w C:\Program Files\Windows Live

2008-04-05 13:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-05 13:02 --------- d-----w C:\ProgramData\WLInstaller

2008-04-03 11:39 --------- d-----w C:\Program Files\Trend Micro

2008-03-31 03:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-03-31 03:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-30 16:42 --------- d-----w C:\ProgramData\Symantec

2008-03-29 17:19 --------- d-----w C:\Program Files\Google

2008-03-26 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-26 23:35 --------- d-----w C:\Program Files\InterVideo Information Service

2008-03-26 23:34 --------- d-----w C:\Program Files\Corel

2008-03-26 23:14 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-03-26 23:14 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-03-26 22:51 8 --sh--r C:\Users\All Users\CE8F9D3F13.sys

2008-03-26 22:51 8 --sh--r C:\ProgramData\CE8F9D3F13.sys

2008-03-26 22:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\Corel

2008-03-26 21:21 --------- d-----w C:\Program Files\Real

2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\xing shared

2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\Real

2008-03-24 18:07 --------- d-----w C:\Users\Eivind\AppData\Roaming\InterVideo

2008-03-24 18:05 --------- d-----w C:\Program Files\Common Files\Ulead

2008-03-24 17:29 --------- d-----w C:\Users\Eivind\AppData\Roaming\dvdcss

2008-03-23 12:31 --------- d-----w C:\Program Files\LimeWire

2008-03-21 13:54 --------- d-----w C:\Users\Eivind\AppData\Roaming\Apple Computer

2008-03-21 02:07 --------- d-----w C:\Program Files\Windows Mail

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll

2008-03-03 14:34 400 ----a-w C:\Users\Eivind\AppData\Roaming\wklnhst.dat

2008-02-29 23:52 --------- d-----w C:\Program Files\AdVantage

2008-02-28 22:00 --------- d-----w C:\Program Files\EA GAMES

2008-02-28 20:58 --------- d-----w C:\Program Files\DAEMON Tools

2008-02-28 20:20 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-02-26 15:15 --------- d-----w C:\Program Files\iTunes

2008-02-26 15:15 --------- d-----w C:\Program Files\iPod

2008-02-26 15:14 --------- d-----w C:\Program Files\QuickTime

2008-02-13 02:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 02:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 02:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 02:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 02:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 02:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 02:34 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-02-13 02:34 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 02:34 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 02:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 02:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 02:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 02:34 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 02:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 02:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 02:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 02:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 02:33 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 02:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 02:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 02:33 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 02:30 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 02:30 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 02:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 02:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-12 15:12 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-02-12 15:12 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-02-12 15:12 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-02-12 15:12 --------- d-----w C:\Program Files\Symantec

2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2007-08-29 17:24 174 --sha-w C:\Program Files\desktop.ini

2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-08-26 01:18 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-07 16:37 32768]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 20:09 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02 815104]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 07:18 22696]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-04 11:51 77824]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\Windows\KHALMNPR.Exe]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 19:26 90191]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 19:26 7770112]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 19:26 81920]

"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"TkBellExe"="C:\Program Files\Real Alternative\Update_OB\realsched.exe" [2008-03-26 23:21 180269]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-07 16:38:10 450560]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-07 16:35:17 593920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C9B227C4-E925-4F01-A624-3717EF43CE63}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{912BADA2-97BE-49C6-B9F7-6F84C5CD5F86}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{7A3619CA-90C4-4CE4-A17A-067C23F59881}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{19A18290-823D-4B93-ACE8-4B7A9E1F217A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{D67001AD-1CF6-4CE6-8A6E-753C8574D259}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{A77874CD-362E-451B-B019-818056B04357}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{A26221BC-17D4-45D6-BD4B-877B1E1A4C1F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"UDP Query User{7E0F94B4-9740-4B90-8BED-55137F8A0BD6}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"{43D66E8C-FED3-4E51-A629-3C8CB2A57E0F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{DCE6EEE3-57CF-42A4-BB6B-ABC7266A993F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{65BA082C-A042-4745-8ED0-C5F814C16C31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{131D216C-FBB8-4EFA-B0E0-0362DB240E67}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{64C4E0BE-05E0-4D4C-B07C-86AB486D13FB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{DBD4CFD8-78D8-496B-9888-5767D8D8E1C9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{0FF3381F-824A-49DC-83E0-4450FCF2480F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071009.001\IDSvix86.sys [2007-09-13 16:49]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 14:03]

R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-04-04 18:54:47 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Eivind.job"

- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

"2008-04-07 22:04:04 C:\Windows\Tasks\User_Feed_Synchronization-{41A6D055-8F43-4029-8BB8-93B60190A812}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-08 19:07:40

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-08 19:08:23

ComboFix-quarantined-files.txt 2008-04-08 17:08:18

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-04-06 09:25:34 --- E O F ---

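A triage pass over the "Reg Loading Points" section of the first ComboFix log in this thread, as an added example that is not part of the thread and not part of ComboFix. The names `triage`, `Finding` and the category labels are hypothetical, and reading an empty `[ ]` as "ComboFix could not read the file's date and size" is an assumption.

```python
import re
from collections import namedtuple

# Excerpt of the "Reg Loading Points" section of the first ComboFix log in
# this thread, with the blank lines between entries removed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 20:09 1006264]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\Windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# Hypothetical record type for one review item.
Finding = namedtuple("Finding", "category key name detail")

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
AUTORUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
FIREWALL_RE = re.compile(
    r'^"EnableFirewall"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')

AUTORUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def triage(log_text):
    """Return review items (not verdicts) from a ComboFix registry section.

    Security Center and firewall values can be set by an installed
    third-party security suite (Norton Internet Security is present in
    this log), so each hit is something to check, not proof of infection.
    """
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # a new registry key header
            key = m.group("key")
            continue
        if key is None:
            continue
        low = key.lower()

        # Autorun value whose bracket carries no date/size. Assumption:
        # ComboFix prints "[ ]" when it could not read the target file.
        m = AUTORUN_RE.match(line)
        if m and low.endswith(AUTORUN_SUFFIXES):
            if not m.group("meta").strip():
                findings.append(Finding("autorun-no-file-info", key,
                                        m.group("name"), m.group("target")))
            continue

        # Security Center notification or monitoring switched off.
        m = DWORD_RE.match(line)
        if m and "security center" in low:
            if "disable" in m.group("name").lower() and int(m.group("val"), 16):
                findings.append(Finding("security-center-muted", key,
                                        m.group("name"),
                                        "dword:" + m.group("val")))
            continue

        # Windows Firewall disabled for a profile.
        m = FIREWALL_RE.match(line)
        if m and "\\firewallpolicy\\" in low and int(m.group("val")) == 0:
            findings.append(Finding("windows-firewall-off", key,
                                    "EnableFirewall", key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:22} {f.name:20} {f.detail}")
```
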

Hi!

Copy the bold text -> paste it into Notepad.

Save it on the desktop as CFScript.txt.

Do as shown in the picture, then post the log c:\combofix.txt

cfscriptyt1.gif

 

File::

C:\Users\All Users\CE8F9D3F13.sys

C:\ProgramData\CE8F9D3F13.sys

 

Folder::

C:\Program Files\AdVantage

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=-

 

Download and run CCleaner

Go to 'Options' -> 'Advanced'. Untick the box next to: "only delete temporary files that are older than 48 hours".

Run the registry cleaner and answer yes to repairing.

Look for "AdVantage" in Add/Remove Programs -> delete it.

 

Download, update and run a full scan with SAS Free

Post the log from SAS (preferences->statistics/logs)

 

Restart, and post a new HijackThis log.


Hi!

I see you have already been helped part of the way, but there is one thing I want to point out, at the risk of provoking someone's wrath here, and that is the antivirus program you are running. Norton is often a major culprit when it comes to machines that freeze; it has a tendency to eat up all the machine's capacity, and the result is that the machine stops. I threw mine out several years ago and nobody will get me to use it again, especially since there are actually many good free versions such as avast, avg and others.

Just wanted to point out that this can also be a reason the machine freezes.

 

-aara


I just want to point out that there are many other possibilities besides malware that can cause a hard freeze on the machine (assuming I have interpreted your description correctly, that is).

 

But... since SNIPPSAT, who has a lot of experience helping people with malware "gunk", as he so nicely describes it, has offered to help you, you may as well rule this out first.

 

-Stigma


Yes, there are many reasons a PC freezes.

It is good to get viruses and spyware out of the way before further troubleshooting.

Norton, especially older versions, can make the system slower and cause freezes.

That is usually fixed by removing it completely (Norton Removal Tool)

and installing it again.

Norton has tightened up its resource usage in newer versions.

When mentioning free antivirus, Avira should be included; in my opinion it is the best of the free ones.

 

Hardware is also worth testing.

We can go into that more when we are done with this.

Edited by SNIPPSAT

New log :)

ComboFix 08-04-07.5 - Eivind 2008-04-09 17:04:52.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1289 [GMT 2:00]

Running from: C:\Users\Eivind\Desktop\ComboFix.exe

Command switches used :: C:\Users\Eivind\Desktop\CFScript.txt..txt

* Created a new restore point

 

FILE ::

C:\ProgramData\CE8F9D3F13.sys

C:\Users\All Users\CE8F9D3F13.sys

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\AdVantage

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf

C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc

C:\Program Files\AdVantage\user.db

C:\ProgramData\CE8F9D3F13.sys

C:\Users\All Users\CE8F9D3F13.sys

 

.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 14:49 13,072 ----a-w C:\Users\Eivind\AppData\Roaming\nvModes.dat

2008-04-06 14:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\LimeWire

2008-04-05 13:05 --------- d-----w C:\Program Files\Windows Live

2008-04-05 13:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-05 13:02 --------- d-----w C:\ProgramData\WLInstaller

2008-04-03 11:39 --------- d-----w C:\Program Files\Trend Micro

2008-03-31 03:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-03-31 03:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-30 16:42 --------- d-----w C:\ProgramData\Symantec

2008-03-29 17:19 --------- d-----w C:\Program Files\Google

2008-03-26 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-26 23:35 --------- d-----w C:\Program Files\InterVideo Information Service

2008-03-26 23:34 --------- d-----w C:\Program Files\Corel

2008-03-26 23:14 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-03-26 23:14 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-03-26 22:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\Corel

2008-03-26 21:21 --------- d-----w C:\Program Files\Real

2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\xing shared

2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\Real

2008-03-24 18:07 --------- d-----w C:\Users\Eivind\AppData\Roaming\InterVideo

2008-03-24 18:05 --------- d-----w C:\Program Files\Common Files\Ulead

2008-03-24 17:29 --------- d-----w C:\Users\Eivind\AppData\Roaming\dvdcss

2008-03-23 12:31 --------- d-----w C:\Program Files\LimeWire

2008-03-21 13:54 --------- d-----w C:\Users\Eivind\AppData\Roaming\Apple Computer

2008-03-21 02:07 --------- d-----w C:\Program Files\Windows Mail

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll

2008-03-03 14:34 400 ----a-w C:\Users\Eivind\AppData\Roaming\wklnhst.dat

2008-02-28 22:00 --------- d-----w C:\Program Files\EA GAMES

2008-02-28 20:58 --------- d-----w C:\Program Files\DAEMON Tools

2008-02-28 20:20 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-02-26 15:15 --------- d-----w C:\Program Files\iTunes

2008-02-26 15:15 --------- d-----w C:\Program Files\iPod

2008-02-26 15:14 --------- d-----w C:\Program Files\QuickTime

2008-02-13 02:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 02:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 02:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 02:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 02:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 02:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 02:34 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-02-13 02:34 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 02:34 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 02:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 02:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 02:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 02:34 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 02:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 02:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 02:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 02:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 02:33 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 02:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 02:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 02:33 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 02:30 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 02:30 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 02:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 02:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-12 15:12 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-02-12 15:12 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-02-12 15:12 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-02-12 15:12 --------- d-----w C:\Program Files\Symantec

2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2007-08-29 17:24 174 --sha-w C:\Program Files\desktop.ini

2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-08-26 01:18 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-08_19.08.00,56 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-08 13:44:25 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-09 12:36:16 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-04-08 16:59:48 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat

+ 2008-04-09 14:57:43 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat

- 2008-04-08 13:46:32 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-04-09 12:37:00 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

- 2008-04-08 17:03:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

+ 2008-04-09 15:04:17 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

- 2008-04-08 13:46:38 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-04-09 12:37:31 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

- 2008-04-08 16:20:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-09 14:04:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-08 16:20:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-09 14:04:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-08 16:20:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-09 14:04:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-03-22 05:11:58 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-04-09 12:35:06 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-04-08 13:46:46 8,418 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1652779409-875784169-4009966895-1000_UserData.bin

+ 2008-04-09 12:38:19 8,418 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1652779409-875784169-4009966895-1000_UserData.bin

- 2008-04-08 13:46:46 69,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-09 12:38:19 69,874 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-07 17:33:08 46,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-09 12:38:17 46,152 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-03-21 02:07:33 949,017 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-04-09 05:33:21 30,297,085 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-02-13 02:38:39 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe

+ 2008-02-13 02:38:39 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe

+ 2007-08-15 18:02:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat

+ 2007-08-15 18:02:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-07 16:37 32768]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 20:09 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02 815104]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 07:18 22696]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-04 11:51 77824]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\Windows\KHALMNPR.Exe]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 19:26 90191]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 19:26 7770112]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 19:26 81920]

"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"TkBellExe"="C:\Program Files\Real Alternative\Update_OB\realsched.exe" [2008-03-26 23:21 180269]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-07 16:38:10 450560]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-07 16:35:17 593920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C9B227C4-E925-4F01-A624-3717EF43CE63}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{912BADA2-97BE-49C6-B9F7-6F84C5CD5F86}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{7A3619CA-90C4-4CE4-A17A-067C23F59881}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{19A18290-823D-4B93-ACE8-4B7A9E1F217A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{D67001AD-1CF6-4CE6-8A6E-753C8574D259}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{A77874CD-362E-451B-B019-818056B04357}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{A26221BC-17D4-45D6-BD4B-877B1E1A4C1F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"UDP Query User{7E0F94B4-9740-4B90-8BED-55137F8A0BD6}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"{43D66E8C-FED3-4E51-A629-3C8CB2A57E0F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{DCE6EEE3-57CF-42A4-BB6B-ABC7266A993F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{65BA082C-A042-4745-8ED0-C5F814C16C31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{131D216C-FBB8-4EFA-B0E0-0362DB240E67}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{64C4E0BE-05E0-4D4C-B07C-86AB486D13FB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{DBD4CFD8-78D8-496B-9888-5767D8D8E1C9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{0FF3381F-824A-49DC-83E0-4450FCF2480F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071009.001\IDSvix86.sys [2007-09-13 16:49]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 14:03]

R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-04-04 18:54:47 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Eivind.job"

- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

"2008-04-08 22:36:37 C:\Windows\Tasks\User_Feed_Synchronization-{41A6D055-8F43-4029-8BB8-93B60190A812}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-09 17:08:12

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-09 17:08:58

ComboFix-quarantined-files.txt 2008-04-09 15:08:54

ComboFix2.txt 2008-04-08 17:08:24

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-04-06 09:25:34 --- E O F ---


ta-da:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:24:40, on 10.04.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O18 - Protocol: bw+0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 22701 bytes


Start HijackThis, run "scan", find these lines, check them, then press "Fix checked".

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

 

Remove the remnants of Norton.

Norton-Removal-Tool

 

Again, uninstall this one; it doesn't need to sit there searching all the time.

C:\Program Files\Logitech\Desktop Messenger\

 

When this is done:

Restart and make a new HijackThis log.

Edited by SNIPPSAT
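One way to check the result of a cleanup like the one described above is to compare the HijackThis log taken before the fix with the one taken after it, and to list which entries disappeared, which are new, and which remaining entries point at a missing file. This is an added example, not part of the original thread; the function names are made up for illustration, and the two sample logs are a constructed subset of lines copied from the logs posted here.

```python
import re
from collections import Counter

# Constructed samples: a few lines copied from the two HijackThis logs in this
# thread (10.04.2008 before the fix, 11.04.2008 after it), not the full logs.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O18 - Protocol: bw+0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# A HijackThis entry line starts with a section code (R0, O4, O23, ...)
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def missing_targets(entries):
    """Entries that HijackThis itself marked with '(file missing)'."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def compare(before, after):
    """Return (removed, added): entries only in the old log / only in the new."""
    old, new = set(before), set(after)
    return sorted(old - new), sorted(new - old)


def sections(entries):
    """Count entries per section code, e.g. Counter({'O9': 2, 'O4': 1})."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    removed, added = compare(before, after)
    print("Removed by the cleanup:", dict(sections(removed)))
    for code, body in removed:
        print("  -", code, body)
    print("New or changed since the first log:")
    for code, body in added:
        print("  +", code, body)
    print("Still flagged (file missing) in the new log:")
    for code, body in missing_targets(after):
        print("  !", code, body)
```

An entry whose text changed between the two logs shows up once as removed and once as added, which is how the leftover LiveUpdate service appears in this sample.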

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:19:15, on 11.04.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8392 bytes

  • 1 month later...

Hello again :)

The PC works really well, so thanks again for all the help.

A small question that maybe someone can answer:

Since this spyware war a while ago, I haven't been able to see "previews" of pictures. That is, image files are completely white, even though they are set to "large pictures". All you see is a white square with the name of the file underneath. So I have to open the file to see what kind of picture it is. The background picture has also turned black, and I can't change it... :)

Thanks again for any answers
