bokhylle Posted 2 May 2008
Hi! Could someone please take a look at my logs?
HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:46:09, on 02.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\OneStepSearch\onestep.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\OneStepSearch\onestep.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Razer\DeathAdder\razerhid.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Razer\DeathAdder\razerofa.exe C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Winamp\winamp.exe C:\WINDOWS\system32\CTPdeSrv.exe
C:\Programfiler\Mozilla Firefox 3 Beta 5\firefox.exe C:\Documents and Settings\Administrator\Skrivebord\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Programfiler\OneStepSearch\onestep.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 7520 bytes ComboFix: ComboFix 08-05-01.1 - Administrator 2008-05-02 14:43:45.1 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . 
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Programdata\inst.exe C:\WINDOWS\system32\d22sx4d6.dll . ((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))) . 2008-05-02 13:39 . 2008-05-02 13:39 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-02 13:39 . 2008-05-02 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-02 13:39 . 2008-05-02 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com 2008-05-02 12:03 . 2008-05-02 14:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste 2008-05-02 12:02 . 2008-05-02 12:02 <DIR> d-------- C:\Programfiler\CCleaner 2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Programfiler\IconTweaker 2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\IconTweaker 2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\IconTweaker 2008-04-27 07:00 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe 2008-04-27 07:00 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf 2008-04-27 06:53 . 2008-04-27 06:53 <DIR> d-------- C:\WINDOWS\icons 2008-04-27 06:53 . 2008-05-02 14:38 <DIR> d-------- C:\Programfiler\OneStepSearch 2008-04-27 06:53 . 2008-04-27 06:53 <DIR> d-------- C:\Programfiler\FileSubmit 2008-04-27 06:53 . 2008-04-27 06:55 <DIR> d-------- C:\Programfiler\AdVantage 2008-04-27 02:36 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll 2008-04-27 02:36 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll 2008-04-27 02:36 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll 2008-04-27 02:36 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2008-04-27 02:36 . 
2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2008-04-27 02:36 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2008-04-27 02:36 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll 2008-04-27 02:10 . 2008-04-27 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\vsosdk 2008-04-27 01:24 . 2008-04-27 01:24 47,360 --a------ C:\Documents and Settings\Administrator\Programdata\pcouffin.sys 2008-04-24 19:21 . 2008-04-24 19:21 <DIR> d-------- C:\Programfiler\Razer 2008-04-24 19:21 . 2006-11-23 05:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl 2008-04-23 21:01 . 2008-04-23 21:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 21:01 . 2008-04-23 21:01 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-23 20:56 . 2008-04-23 20:56 <DIR> d-------- C:\Programfiler\TVUPlayer 2008-04-23 20:56 . 2008-04-23 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TVU Networks 2008-04-23 20:56 . 2008-04-23 20:56 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\TVU Networks 2008-04-23 20:56 . 2008-04-23 20:56 <DIR> d-------- C:\Documents and Settings\Administrator\LocalLow 2008-04-23 20:52 . 2008-04-23 20:52 <DIR> d-------- C:\Programfiler\SopCast 2008-04-19 11:58 . 2008-05-02 13:57 <DIR> d-------- C:\Programfiler\Mozilla Firefox 3 Beta 5 2008-04-08 15:08 . 2008-04-08 15:08 <DIR> d-------- C:\Programfiler\Activision 2008-04-06 13:14 . 2008-04-06 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logishrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-02 12:55 --------- d-----w C:\Documents and Settings\Administrator\Programdata\uTorrent 2008-05-02 12:38 --------- d-----w C:\Programfiler\DAEMON Tools 2008-05-02 11:38 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-01 23:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2008-05-01 23:28 62,209 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-05-01 16:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater 2008-04-29 17:39 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Azureus 2008-04-27 01:21 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Vso 2008-04-27 00:36 --------- d-----w C:\Programfiler\VSO 2008-04-26 23:24 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-04-26 20:00 --------- d-----w C:\Programfiler\HLSW 2008-04-24 19:23 --------- d-----w C:\Programfiler\World of Warcraft 2008-04-24 19:22 --------- d-----w C:\Programfiler\Ubisoft 2008-04-24 17:21 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-04-23 17:23 --------- d-----w C:\Programfiler\Mozilla Thunderbird 2008-04-18 13:38 --------- d-----w C:\Documents and Settings\Administrator\Programdata\mIRC 2008-04-17 13:13 --------- d-----w C:\Documents and Settings\Administrator\Programdata\LimeWire 2008-04-11 12:45 --------- d-----w C:\Programfiler\Picasa2 2008-04-10 06:39 --------- d-----w C:\Programfiler\uTorrent 2008-04-06 11:15 --------- d-----w C:\Programfiler\Fellesfiler\logishrd 2008-04-06 11:14 --------- d-----w C:\Programfiler\Logitech 2008-04-06 00:58 --------- d-----w C:\Programfiler\LimeWire 2008-04-04 22:35 --------- d-----w C:\Programfiler\Opera 2008-04-01 15:28 --------- d-----w C:\Documents and Settings\Administrator\Programdata\AVG7 2008-03-28 15:02 --------- d-----w C:\Programfiler\RayV 2008-03-28 14:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Drivers HeadQuarters 2008-03-23 06:22 
--------- d-----w C:\Programfiler\DC++ 2008-03-23 04:21 --------- d-----w C:\Documents and Settings\Administrator\Programdata\dvdcss 2008-03-23 04:01 --------- d-----w C:\Programfiler\Funcom 2008-03-23 03:56 --------- d-----w C:\Programfiler\Ny mappe 2008-03-22 19:02 --------- d-----w C:\Programfiler\Unreal Tournament 3 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 16:17 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Ventrilo 2008-03-19 12:25 --------- d--h--w C:\Documents and Settings\Administrator\Programdata\IFViewer 2008-03-17 22:48 --------- d-----w C:\Programfiler\Fellesfiler\Thraex Software 2008-03-13 16:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles 2008-03-06 14:44 --------- d-----w C:\Programfiler\A123 All to mp3 Converter 2008-03-06 14:36 --------- d-----w C:\Programfiler\AML Products 2008-03-05 14:24 --------- d-----w C:\Programfiler\Google 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:05 658,944 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 16269312 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-17 14:52 579584] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 14:35 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and 
Settings^Administrator^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^MagicDisc.lnk] path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^OpenOffice.org 2.2.lnk] path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\OpenOffice.org 2.2.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Google Updater.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage] --a------ 2007-11-05 11:12 884176 C:\Programfiler\AdVantage\AdVantage.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 09:27 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\CTSyncU.exe] --------- 2007-04-10 09:15 868352 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-04 00:29 165784 C:\Programfiler\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-08-15 20:15 271672 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-10-25 16:37 2178832 C:\Programfiler\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation Svchost Services] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] C:\Programfiler\Eset\nod32kui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] --a------ 2006-02-13 18:33 214648 C:\Programfiler\Octoshape Streaming Services\Administrator\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2008-02-26 03:23 443968 C:\Programfiler\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip] --a------ 2006-11-06 14:35 722176 c:\programfiler\powerstrip\pstrip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-08-07 02:05 200704 C:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 C:\Programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV] --a------ 2008-03-25 18:21 4558848 C:\Programfiler\RayV\RayV\RayV.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] C:\Programfiler\Save\Save.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-05-15 00:22 35328 C:\Programfiler\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe"= "C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Cyanide\\GameCenter\\GameCenter.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"= "C:\\Programfiler\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"= "C:\\Programfiler\\Ubisoft\\Lost Via Domus\\gu.exe"= "C:\\Programfiler\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"= "C:\\Programfiler\\RayV\\RayV\\RayV.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= R1 fwdrv;Firewall 
Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21] R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 12:35] S2 SPF4;Sunbelt Personal Firewall 4;"C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21] S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32] S3 PciCon;PciCon;D:\PciCon.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af752c1-f5ac-11dc-944f-00301b43d25d}] \Shell\AutoRun\command - M:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3b29dbc-b937-11dc-9408-00301b43d25d}] \Shell\AutoRun\command - L:\wd_windows_tools\setup.exe *Newly Created Service* - CATCHME *Newly Created Service* - SASDIFSV *Newly Created Service* - SASENUM *Newly Created Service* - SASKUTIL . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 14:54:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-05-02 14:59:05 ComboFix-quarantined-files.txt 2008-05-02 12:58:52 Pre-Run: 191,428,706,304 byte ledig Post-Run: 191,436,390,400 byte ledig 231 --- E O F --- 2008-04-11 17:06:13 SAS: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/02/2008 at 02:10 PM Application Version : 4.0.1154 Core Rules Database Version : 3451 Trace Rules Database Version: 1443 Scan type : Complete Scan Total Scan Time : 00:29:25 Memory items scanned : 511 Memory threats detected : 2 Registry items scanned : 6300 Registry threats detected : 39 File items scanned : 20201 File threats detected : 13 Adware.OneStepSearch C:\PROGRAMFILER\ONESTEPSEARCH\ONESTEP.EXE C:\PROGRAMFILER\ONESTEPSEARCH\ONESTEP.EXE C:\PROGRAMFILER\ONESTEPSEARCH\ONESTEP.DLL C:\PROGRAMFILER\ONESTEPSEARCH\ONESTEP.DLL HKLM\Software\OneStepSearch HKLM\Software\OneStepSearch#Primary HKLM\Software\OneStepSearch#DllPath HKLM\Software\OneStepSearch#Version HKLM\Software\OneStepSearch#Partner HKLM\Software\OneStepSearch#Src HKLM\Software\OneStepSearch#ShowToolbarButton HKLM\Software\OneStepSearch#ShowBarSign HKLM\Software\OneStepSearch#UpdateTimeH HKLM\Software\OneStepSearch#UpdateTimeL HKLM\Software\OneStepSearch#Cid HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#DeviceDesc 
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000\Control HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000\Control#ActiveService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch#UninstallString HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Type HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Start HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ObjectName HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Description HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#NextInstance C:\Programfiler\OneStepSearch\home.js C:\Programfiler\OneStepSearch\osopt.exe C:\Programfiler\OneStepSearch\readme.html C:\Programfiler\OneStepSearch\uninstall.exe C:\Programfiler\OneStepSearch C:\WINDOWS\Prefetch\ONESTEP.EXE-01EF41B4.pf Adware.Tracking Cookie C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt Adware.WhenU C:\PROGRAMFILER\DAEMON TOOLS\SETUPDTSB.EXE Spyware.RelevantKnowledge C:\SYSTEM VOLUME INFORMATION\_RESTORE{5535F31B-E2A4-4BD2-AAAA-BA14CD032371}\RP274\A0094625.EXE Trojan.Unclassified-Packed/Suspicious 
C:\WINDOWS\SYSTEM32\B4FM.DLL Trace.Known Threat Sources C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5XO5JSMQ\upgrade[1].cab
Thanks
norbat Posted 2 May 2008
Could you post a new HJT log (the one that's there was run before ComboFix and SAS).
bokhylle Posted 2 May 2008 Author
Just ran a new one:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:07:03, on 02.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Razer\DeathAdder\razerhid.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Razer\DeathAdder\razerofa.exe C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\Mozilla Firefox 3 Beta 5\firefox.exe C:\Documents and 
Settings\Administrator\Skrivebord\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 7652 bytes Lenke til kommentar
norbat, posted 2 May 2008:

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

Use Explorer to delete the following folder, if present:

C:\Programfiler\OneStepSearch

Apart from this, the logs look fine. How is the PC running?
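The selection made from the log in the post above, as an added example (not part of the thread and not HijackThis's own logic): a parser that splits a flattened HijackThis log into entries and lists the O4 autostart entries that deserve a second look. The three heuristics and the threshold are assumptions of this example, not the helper's stated reasoning; the sample entries are copied from the log above.

```python
import re

# Constructed sample: a handful of entries in the flattened one-line form
# a scraped log has (values copied from the log on this page).
SAMPLE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger "
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE "
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP "
    r"O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe "
    r"O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe "
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') "
    r"O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe"
)

# An entry starts with a section code (R0, O4, O23 ...) followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN][0-4]|O\d{1,2}) - )")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\.*?(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

def split_entries(flat_log):
    """Return one string per log entry, split before each section code."""
    return ENTRY_START.split(flat_log.strip())

def parse_o4(entry):
    """Return hive/key/name/cmd for an O4 autostart entry, else None."""
    m = O4_RE.match(entry)
    return m.groupdict() if m else None

def review_reasons(o4):
    """Heuristics assumed for this example; each one alone is weak evidence."""
    reasons = []
    if o4["key"].lower().startswith("runservices"):
        reasons.append("RunServices key")
    if "\\" not in o4["cmd"]:
        reasons.append("image named without a path")
    if "svchost" in o4["name"].lower() and "svchost.exe" not in o4["cmd"].lower():
        reasons.append("name claims svchost, image is something else")
    return reasons

def flag_autostarts(flat_log, threshold=2):
    """O4 entries with at least `threshold` reasons, as (entry, reasons) pairs."""
    parsed = filter(None, map(parse_o4, split_entries(flat_log)))
    return [(o4, review_reasons(o4)) for o4 in parsed
            if len(review_reasons(o4)) >= threshold]

if __name__ == "__main__":
    for o4, reasons in flag_autostarts(SAMPLE):
        print(o4["hive"], o4["key"], o4["cmd"], "->", "; ".join(reasons))
```

The Realtek entry `RTHDCPL.EXE` also lacks a path but matches only one heuristic, which is why the threshold is two: a bare file name alone is common among legitimate autostarts.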
bokhylle (author), posted 2 May 2008:

Done. Didn't find OneStepSearch, but the PC is actually running quite well now. Thanks.
norbat, posted 2 May 2008:

Then you can remove combofix by typing combofix /u in the Run box (Start -> Run). This will also reset the System Restore folder so that you don't get infected by a possible system restore later.

Surf safely