system32-mappa kommer når jeg starter opp pc'en...

Programvare · 17. april 2007

Når jeg skrur på pc'en og windows har ladet seg så dukker system32-mappa opp av en eller annen merkelig grunn. Jeg har ikke tukla med noen innstillinger. Bare plutselig en dag jeg skrudde på maskina var det sånn. Merkelig :hmm:

Det er jo egentlig ikke noe problem, men det er fryktelig irriterende. :thumbdown:

Jeg har sjekka en såkalt startupmappe med alle tingene som dukker opp når man starter, men den var ikke der. :nei:

Slik ser det ut når jeg starter. Ps. jeg sladda bort noen ikoner

Xneon · 17. april 2007

Hey.

Har du sjekka oppstartsprogrammene?

Skriv msconfig i kjørlinja på startmenyen og velg oppstart i den menyen du kommer i da( lengst til høyre) Sjekk om det står noe der som har med sys32 å gjøre. Hvis det er noe der krysser du av i boksen til venstre...

Programvare · 17. april 2007

Jeg sjekka, men nei.

norbat · 17. april 2007

Man kan forsøke en systemgjenoppretting (tilbehør->systemverktøy->systemgjenoppretting) til en dato der ting og tang virket ok.

Microsoft har sin løsning: http://support.microsoft.com/kb/170086

Om dette ikke hjalp, ville jeg nok tatt en liten sjekk: https://www.diskusjon.no/index.php?showtopic=691246

Endret 17. april 2007 av norbat

Jarmo · 17. april 2007

Endret dato: 11. april 2007. Kl. 16.50

Syar-2003 · 17. april 2007

Dette skjer etter fjerning/avinstallering av en applikasjon som feilaktig lar register entry's bli igjen .

Fixes med regedit slik :

1.Launch the Windows Registry Editor (regedit.exe).

2.Open this registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run.

3.If the (Default) Name variable has a value of "" (an empty string), delete the Name variable. After the deletion, the value for (Default) should be "(value

not set)".

Programvare · 17. april 2007

Nå har jeg prøvd alle tipsene her, men den ondskapsfulle system32-mappa er der ennå når jeg starter opp :mad:

HJELP? :cry:

Jarmo · 17. april 2007

Nå har jeg prøvd alle tipsene her, men den ondskapsfulle system32-mappa er der ennå når jeg starter opp

HJELP?

8408249[/snapback]

Har du prøvd systemgjenoppretting tilbake til datoen før sist endret?

norbat · 17. april 2007

Nå har jeg prøvd alle tipsene her, men den ondskapsfulle system32-mappa er der ennå når jeg starter opp

HJELP?

8408249[/snapback]

1. Du har prøvd systemgjenoppretting til en dato der ting og tang virket OK? (I dette tilfellet er det antakelig snakk om før 11.april). Om du ikke får til å gjenopprette fra normal modus, starter du i sikker modus og prøver en gang til

2. Har du sjekke microsoft sin løsning? Det er snakk om to registeroppføringer,

èn under HKEY_LOCAL_MACHINE og èn i HKEY_CURRENT_USER.

3. Har du kjørt en scan med et antispywareprog og kjørt en scan med HJT slik at du har fått noen logger vi kan titte på for å se om det kan være noe der som ikke bør være der.

Endret 17. april 2007 av norbat

Programvare · 18. april 2007

Ja, jeg har prøvd 1. Null resultat

Ja, jeg har prøvd 2. Null resultat

Nei, jeg skal prøve 3, beklager

Programvare · 18. april 2007

Her er loggen etter HiuJackThis

Logfile of HijackThis v1.99.1

Scan saved at 16:19:11, on 18.04.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Norman\bin\ZANDA.EXE

C:\WINNT\system32\nvsvc32.exe

C:\Programfiler\Wireless 802.11g Monitor\WLService.exe

C:\Programfiler\Wireless 802.11g Monitor\WLanCfgG.exe

C:\WINNT\System32\svchost.exe

C:\Norman\bin\NJEEVES.EXE

C:\WINNT\Explorer.EXE

C:\Programfiler\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programfiler\NavExcel\NavHelper\v2.0.4d\navapp.exe

C:\Program Files\Vlwx\Nunf.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\Programfiler\Wireless 802.11g Monitor\InfoMyCa.exe

C:\WINNT\system32\LVCOMSX.EXE

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Norman\bin\ZLH.EXE

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\svchost.exe

C:\Programfiler\Logitech\Video\FxSvr2.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\DivX\DivX Player\DivX Player.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Microsoft Office\Office10\WINWORD.EXE

C:\Programfiler\Opera\Opera.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.nextel.no/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.online.no:8080;http=proxy.online.no:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)

O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll (file missing)

O2 - BHO: CSBHO Class - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\Comet\Bin\csbho.dll (file missing)

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Programfiler\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\Comet\Bin\csietb.dll

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programfiler\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [navapp] C:\Programfiler\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [Kttdcqkb] C:\Program Files\Vlwx\Nunf.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [infoMyCa.exe] C:\Programfiler\Wireless 802.11g Monitor\InfoMyCa.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [RiskIISetup.exe] /r

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programfiler\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Date Manager.lnk = C:\Programfiler\Date Manager\DateManager.exe

O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Norsk Strek AS\MSN Toolbar Suite\DS\02.05.0000.1105\nb-no\bin\WindowsSearch.exe

O4 - Global Startup: PrecisionTime.lnk = C:\Programfiler\PrecisionTime\PrecisionTime.exe

O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNO_ZS

O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Web Rebates - file://C:\Programfiler\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?66c49746326e4252b05ed7fdb2416ff

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?66c49746326e4252b05ed7fdb2416ff

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...d9d6f067011f31e

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winstr32 - winstr32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: R54G Wireless Service - Unknown owner - C:\Programfiler\Wireless 802.11g Monitor\WLService.exe

norbat · 18. april 2007

Hei,

Hent CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører. Når programmet er ferdig åpnes en loggfil: combofix.txt

Hent SAS, installer, oppdater og kjør en full (Complete) scan.

Post en ny HJT-logg + loggen fra Combofix

Programvare · 18. april 2007

Nå har jeg tatt Ccleaner og combofix

her er combofix-loggen

"Roger" - 07-04-18 18:27:12 Service Pack 2

ComboFix 07-04-18.2V - Running from: C:\Documents and Settings\Roger\

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINNT\installer\12f56b.msi

C:\WINNT\installer\6140a0.msi

((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))

2007-04-18 18:24 <DIR> dr-h----- C:\DOCUME~1\Roger\Siste

2007-04-18 17:33 <DIR> d-------- C:\Programfiler\CCleaner

2007-04-18 16:22 <DIR> d-------- C:\Programfiler\MPD

2007-04-05 08:37 <DIR> d-------- C:\Programfiler\QuickTime

2007-04-04 20:47 <DIR> d-------- C:\Programfiler\Opera

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-10 20:16 -------- d-------- C:\Programfiler\msn messenger

2007-04-05 08:42 -------- d-------- C:\Programfiler\itunes

2007-04-05 08:42 -------- d-------- C:\Programfiler\ipod

2007-03-31 08:33 60326 --a------ C:\WINNT\system32\perfc014.dat

2007-03-31 08:33 384784 --a------ C:\WINNT\system32\perfh014.dat

2007-03-26 23:06 2560 --a--c--- C:\WINNT\system32\bitcometres.dll

2007-03-19 23:13 -------- d--h----- C:\Programfiler\installshield installation information

2007-03-17 15:45 292864 --a------ C:\WINNT\system32\winsrv.dll

2007-03-10 15:23 -------- d-------- C:\Programfiler\digital guitar tuner

2007-03-10 12:05 -------- d-------- C:\Programfiler\limewire

2007-03-08 17:39 577536 --a------ C:\WINNT\system32\user32.dll

2007-03-08 17:39 40960 --a------ C:\WINNT\system32\mf3216.dll

2007-03-08 17:39 281600 --a------ C:\WINNT\system32\gdi32.dll

2007-03-08 17:38 1843584 --a------ C:\WINNT\system32\win32k.sys

2007-03-06 16:42 -------- d-------- C:\Programfiler\tunatic

2007-03-03 23:43 -------- d-------- C:\Programfiler\google

2007-02-25 20:22 -------- d-------- C:\Programfiler\java

2007-02-06 20:01 100488 --a------ C:\DOCUME~1\Roger\PROGRA~1\gdipfontcachev1.dat

2007-02-05 22:19 185344 --a------ C:\WINNT\system32\upnphost.dll

2007-02-03 11:22 1164 --a------ C:\WINNT\mozver.dat

2007-02-03 11:07 0 --a------ C:\WINNT\nsreg.dat

2007-02-01 06:56 823296 --a------ C:\WINNT\system32\divx_xx0c.dll

2007-02-01 06:56 823296 --a------ C:\WINNT\system32\divx_xx07.dll

2007-02-01 06:56 802816 --a------ C:\WINNT\system32\divx_xx11.dll

2007-02-01 06:56 639066 --a------ C:\WINNT\system32\divx.dll

2007-01-31 23:27 524288 --a------ C:\WINNT\system32\divxsm.exe

2007-01-31 01:15 118784 --a------ C:\WINNT\system32\divxcodecupdatechecker.exe

2007-01-30 07:03 3596288 --a------ C:\WINNT\system32\qt-dx331.dll

2007-01-30 07:03 200704 --a------ C:\WINNT\system32\ssldivx.dll

2007-01-30 07:03 129784 --------- C:\WINNT\system32\pxafs.dll

2007-01-30 07:03 118520 --------- C:\WINNT\system32\pxinsi64.exe

2007-01-30 07:03 116472 --------- C:\WINNT\system32\pxcpyi64.exe

2007-01-30 07:03 1044480 --a------ C:\WINNT\system32\libdivx.dll

2007-01-30 06:56 73728 --a------ C:\WINNT\system32\dpl100.dll

2007-01-30 06:56 593920 --a------ C:\WINNT\system32\dpugui11.dll

2007-01-30 06:56 57344 --a------ C:\WINNT\system32\dpv11.dll

2007-01-30 06:56 53248 --a------ C:\WINNT\system32\dpugui10.dll

2007-01-30 06:56 344064 --a------ C:\WINNT\system32\dpus11.dll

2007-01-30 06:56 294912 --a------ C:\WINNT\system32\dpu11.dll

2007-01-30 06:56 294912 --a------ C:\WINNT\system32\dpu10.dll

2007-01-30 06:56 196608 --a------ C:\WINNT\system32\dtu100.dll

2007-01-19 12:53 51056 --a------ C:\WINNT\system32\sirenacm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{1D7E3B41-23CE-469B-BE1B-A64B877923E1} C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL [x]

{35E78239-811E-4c3f-B37D-F339AC16C2C0} C:\PROGRA~1\Comet\bin\autosearch.dll [x]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Programfiler\BitComet\tools\BitCometBHO_1.1.3.19.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programfiler\google\googletoolbar4.dll

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll [x]

{D14D6793-9B65-11D3-80B6-00500487BDBA} C:\PROGRA~1\Comet\Bin\csbho.dll [x]

{D80C4E21-C346-4E21-8E64-20746AA20AEB} C:\Programfiler\NavExcel Search Toolbar\NavExcelBar.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"anvshell"="anvshell.exe"

"AdaptecDirectCD"="\"C:\\Programfiler\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""

"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"

"navapp"="C:\\Programfiler\\NavExcel\\NavHelper\\v2.0.4d\\navapp.exe"

"Kttdcqkb"="C:\\Program Files\\Vlwx\\Nunf.exe"

"SunJavaUpdateSched"="\"C:\\Programfiler\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"InfoMyCa.exe"="C:\\Programfiler\\Wireless 802.11g Monitor\\InfoMyCa.exe"

"LVCOMSX"="C:\\WINNT\\system32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Programfiler\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Programfiler\\Logitech\\Video\\LogiTray.exe"

"Easy-PrintToolBox"="C:\\Programfiler\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"

"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"

"HP Software Update"="C:\\Programfiler\\HP\\HP Software Update\\HPWuSchd2.exe"

"RemoteControl"="C:\\Programfiler\\CyberLink\\PowerDVD\\PDVDServ.exe"

"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"

"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

"RiskIISetup.exe"=" /r"

"Steam"=""

"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winstr32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Exif Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Programmer\\Oppstart\\Exif Launcher.lnk"

"backup"="C:\\WINNT\\pss\\Exif Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~2\\EXIFLA~1\\QuickDCF.exe "

"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="apdproxy"

"hkey"="HKLM"

"command"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Mixer"

"hkey"="HKLM"

"command"="Mixer.exe /startup"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5

Contents of the 'Scheduled Tasks' folder

C:\WINNT\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

********************************************************************

Completion time: 07-04-18 18:34:20

C:\ComboFix-quarantined-files.txt ... 07-04-18 18:34

HER ER EN NY HTJ-LOGG

Logfile of HijackThis v1.99.1

Scan saved at 18:44:51, on 18.04.2007