J@9, posted 4 September 2008

Hi. I'm struggling a bit with virus alerts popping up at all hours. I use Avira AntiVir free edition. It's usually the same files that get flagged every time; I can't remember offhand exactly what they're called, but one of them is named something like portal[1].htm.

I also have another strange problem on the machine. I rearranged my room a bit and therefore disconnected the PC. It then sat without power for 1-2 days (not that that should matter), and when I turned it on again I had got a new user name. This user name is called IUSER_Admin, and it is password protected; it is not something I created myself, nor anyone else here. I ran Ophcrack against it and found that the password is 1A2b3C4d or something like that. I tried to log in, but everything hung after the welcome screen, and I got a message that explorer.exe had performed an illegal operation or something like that, so it was closed. I tried starting explorer.exe manually, but the same thing happened then too. The user name is set up as a limited user. I tried deleting the user name, which went fine, but it came back at the next reboot.

Does anyone have any tips here? Or should I just reinstall Windows? I think I may have picked up some crap fairly soon after I last installed Windows (a few months ago), because the PC suddenly started playing some advertising (sound only, no picture or video), and MP3 files could suddenly start skipping like a scratched record: the sound jumped between 2 points while the counter just kept going, and if I skipped forward or back it was fine again. So this was something that just suddenly happened, and the files were not damaged.

I'm running XP Pro SP3 with most of the updates installed.

raWrz, posted 4 September 2008

Install MBAM and run a scan :) and get ComboFix and HijackThis ready, which the pros will want logs from within 2-3 min.

Edited 4 September 2008 by Submit

J@9 (author), posted 5 September 2008

Hi again. I googled my problem with the new user name, and it turned out that all I had to do was restart in safe mode, run "control userpasswords2" and delete the new user name from there. When I then restarted the machine it was gone.

I'm going to run MBAM now, and then I'll get the other 2 you mentioned! I think I have ComboFix from before, but it's always good to download it again, since I may have an older version.

Logs coming soon!

J@9 (author), posted 5 September 2008

MBAM found over 70 errors, which were fixed!

ComboFix Log:

ComboFix 08-09-04.08 - J@9 2008-09-05 12:19:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.566 [GMT 2:00]
Running from: C:\Documents and Settings\J@9\Skrivebord\Virus og anna dritt fjerning\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\J@9\Cookies\j@9@2o7[2].txt
C:\Documents and Settings\J@9\Cookies\j@[email protected][2].txt
C:\Documents and Settings\J@9\Cookies\j@9@clicktorrent[2].txt
C:\Documents and Settings\J@9\Cookies\j@[email protected][2].txt
C:\Documents and Settings\J@9\Cookies\j@9@serving-sys[1].txt
C:\Documents and Settings\J@9\Cookies\j@9@tradedoubler[1].txt
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\tmp0_465487328098.bk
C:\WINDOWS\system32\tmp0_517358689581.bk
C:\WINDOWS\system32\tmp0_82703459718.bk
C:\WINDOWS\system32\tpszxyd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-05 10:51 . 2008-09-05 10:51 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-09-05 10:51 . 2008-09-05 10:51 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\Malwarebytes
2008-09-05 10:51 . 2008-09-05 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-09-05 10:51 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 10:51 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-09-05 01:17 . 2008-06-22 18:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-09-05 01:17 . 2008-06-22 19:59 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-09-05 01:17 . 2008-09-05 01:17 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-04 22:35 . 2008-09-04 23:05 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-09-04 22:28 . 2008-09-04 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-09-04 16:16 . 2008-09-04 16:18 162,008 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-04 16:15 . 2008-09-04 16:18 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-04 16:15 . 2008-09-04 16:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-04 16:05 . 2008-09-04 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd
2008-09-04 16:03 . 2008-09-04 16:03 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\Logitech
2008-09-04 16:03 . 2008-09-04 16:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-09-04 16:03 . 2008-09-04 16:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-04 16:02 . 2008-09-04 16:02 <DIR> d-------- C:\Programfiler\Logitech
2008-09-04 16:02 . 2008-09-04 16:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd
2008-09-04 16:02 . 2008-09-04 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logitech
2008-09-04 16:02 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-09-04 16:02 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-09-04 16:02 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-09-04 16:02 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-09-04 16:02 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-09-04 16:01 . 2008-09-04 23:20 <DIR> d-------- C:\WINDOWS\nview
2008-09-04 16:01 . 2008-09-05 12:22 186,500 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-04 16:01 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-30 11:26 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-08-30 11:26 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-08-30 11:26 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-08-30 11:26 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-08-29 13:51 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-29 13:50 . 2008-08-29 13:50 <DIR> d-------- C:\Programfiler\HP
2008-08-29 13:50 . 2008-08-29 13:50 <DIR> d-------- C:\Programfiler\Hewlett-Packard
2008-08-29 13:48 . 2008-08-29 13:53 229,382 --a------ C:\WINDOWS\hpdj3600.his
2008-08-29 13:48 . 2008-08-29 13:53 10,503 --a------ C:\WINDOWS\hpdj3600.ini
2008-08-27 23:15 . 2008-08-27 23:15 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-08-26 22:37 . 2008-08-26 22:37 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\IsolatedStorage
2008-08-26 21:45 . 2008-08-26 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec
2008-08-26 21:44 . 2008-08-26 21:45 <DIR> d-------- C:\Programfiler\Symantec
2008-08-26 21:44 . 2008-08-26 21:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-22 16:47 . 2008-08-30 13:56 <DIR> d-------- C:\Documents and Settings\J@9\.mania_drive
2008-08-18 00:20 . 2008-08-18 00:21 345,505,792 --a------ C:\Carputer XP.iso
2008-08-16 01:45 . 2008-08-16 01:45 <DIR> d-------- C:\Programfiler\DirectX 9
2008-08-16 01:39 . 2008-08-16 01:39 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\InstallShield
2008-08-15 23:40 . 2008-04-13 11:46 51,200 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-08-15 23:40 . 2008-04-13 11:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-15 23:40 . 2008-04-13 11:46 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-08-15 23:40 . 2008-04-13 11:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-08-15 23:40 . 2008-04-13 11:46 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-08-15 23:40 . 2008-04-13 11:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-08-15 16:20 . 2008-04-13 11:46 61,696 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-08-15 16:20 . 2008-04-13 11:46 61,696 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-08-15 16:20 . 2008-04-13 11:46 53,376 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-08-15 16:20 . 2008-04-13 11:46 53,376 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-08-15 16:20 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-08-15 16:20 . 2001-08-17 21:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-08-14 10:33 . 2008-04-14 09:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 10:26 . 2008-08-14 10:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-13 20:40 . 2008-08-13 20:40 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\DivX
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Programfiler\proDAD
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Programfiler\LooksBuilderSE
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Documents and Settings\J@9\Programdata\proDAD
2008-08-13 16:04 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-08-13 16:03 . 2003-06-26 10:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-08-13 16:03 . 2003-07-01 16:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2008-08-13 16:03 . 2003-07-01 16:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-08-13 16:03 . 2003-01-20 09:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2008-08-13 16:03 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2008-08-13 16:03 . 2007-12-12 19:02 0 --a------ C:\WINDOWS\Graffiti5.2Pin.ini
2008-08-13 16:02 . 2008-08-13 16:03 <DIR> d-------- C:\Programfiler\Boris FX, Inc
2008-08-13 16:00 . 2005-09-23 23:18 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-08-13 15:59 . 2008-08-13 15:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Pinnacle
2008-08-13 15:59 . 2008-08-13 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pinnacle Studio Ultimate
2008-08-13 15:50 . 2008-08-13 16:01 <DIR> d-------- C:\Programfiler\Pinnacle
2008-08-13 15:50 . 2008-08-13 15:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Yahoo!
2008-08-13 15:50 . 2008-08-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Studio 12
2008-08-13 15:50 . 2008-08-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pinnacle Studio Plus
2008-08-13 15:46 . 2008-08-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pinnacle
2008-08-13 13:55 . 2008-08-13 13:55 <DIR> d-------- C:\Programfiler\Avira
2008-08-13 13:55 . 2008-08-13 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-08-11 23:32 . 2007-06-22 12:34 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-08-11 23:32 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-11 23:32 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-11 23:32 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-11 23:32 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-11 23:32 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 10:23 --------- d-----w C:\Documents and Settings\J@9\Programdata\Hamachi
2008-09-04 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Suite
2008-09-04 14:02 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-08-22 14:44 --------- d-----w C:\Programfiler\nLite
2008-08-19 07:33 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-08-18 20:53 --------- d-----w C:\Documents and Settings\J@9\Programdata\Winamp
2008-08-14 08:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-08-13 11:58 --------- d-----w C:\Programfiler\ESET
2008-08-11 21:32 --------- d-----w C:\Programfiler\Nokia
2008-08-11 21:21 --------- d-----w C:\Programfiler\Fellesfiler\Nokia
2008-08-11 21:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-17 20:01 --------- d-----w C:\Programfiler\PowerISO
2008-07-11 17:14 --------- d-----w C:\Programfiler\Java
2008-07-11 17:13 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-07-08 20:06 --------- d-----w C:\Programfiler\SignSIS-GUI
2008-07-08 19:23 --------- d-----w C:\Programfiler\MSBuild
2008-07-08 19:18 --------- d-----w C:\Programfiler\Reference Assemblies
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 20:03 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 20:25 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
2008-06-06 20:25 8,247,296 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-06-06 20:25 603,648 ----a-w C:\WINDOWS\system32\wmspdmod.dll
2008-06-06 20:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2008-06-06 20:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2008-06-06 20:25 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
2008-06-06 20:25 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
2008-06-06 20:25 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
2008-06-06 20:25 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
2008-06-06 20:25 1,329,152 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
2008-06-06 20:22 992,256 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-06-06 20:22 1,573,376 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-06-06 20:21 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-06 20:21 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-06 20:21 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-06-06 20:20 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-06-06 20:20 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-06-06 20:20 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-06-06 20:20 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-06-06 20:19 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-06-06 20:19 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-06-06 20:19 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-06-06 20:18 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2008-06-06 20:17 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"StatBar"="C:\Programfiler\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 167936]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Norton Ghost 9.0"="C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\J@9\Start-meny\Programmer\Oppstart\
hamachi.lnk - C:\Programfiler\Hamachi\hamachi.exe [2008-06-23 625952]
Microsoft Office Outlook.lnk - C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE [2008-05-21 12844576]
Replicator.lnk - C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe [2007-03-29 980728]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-09-04 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Spill\\TrackMania United\\TmUnited.exe"=
"C:\\Programfiler\\TmUnitedForever\\TmForever.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 46779]
R2 nhksrv;Netropa NHK Server;C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 mshlpkd;Microsoft File Mapping Service;C:\WINDOWS\system32\mshlp.exe [2008-04-14 62464]
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2003-09-19 759050]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27715fbe-6834-11dd-95b7-0016ec9bc405}]
\Shell\AutoRun\command - M:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8cddad-5478-11dd-95ad-0016ec9bc405}]
\Shell\AutoRun\command - N:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://codecs.r8.org/
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Åpne bilde i Microsoft Photo&Draw - C:\PROGRA~1\MICROS~2\Office\1044\phdintl.dll/phdContext.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 12:22:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programfiler\Netropa\Multimedia Keyboard\Traymon.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programfiler\Netropa\Onscreen Display\osd.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-09-05 12:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 10:25:22

Pre-Run: 1,252,978,688 byte ledig
Post-Run: 2,152,955,904 byte ledig

317 --- E O F --- 2008-08-27 21:16:02

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:09, on 05.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Programfiler\Globe Software\StatBar\StatBar.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE C:\Programfiler\Hamachi\hamachi.exe C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\Netropa\Onscreen Display\OSD.exe C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Documents and Settings\J@9\Skrivebord\Virus og anna dritt fjerning\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
[url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://codecs.r8.org/"]http://codecs.r8.org/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Norton Ghost 
9.0] C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [statBar] C:\Programfiler\Globe Software\StatBar\StatBar.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - S-1-5-18 
Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE (User 'SYSTEM') O4 - S-1-5-18 Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe (User 'SYSTEM') O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user') O4 - .DEFAULT Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE (User 'Default user') O4 - .DEFAULT Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe (User 'Default user') O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe O4 - Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE O4 - Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Åpne bilde i Microsoft Photo&Draw - res://C:\PROGRA~1\MICROS~2\Office\1044\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - 
http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1215796475_f4822e579ba29ce85c8237642c6eaed3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10264 bytes
There, now the pros can take over. PS: after I ran ComboFix, I got that IUSER_Admin username back.
snippsat, posted 5 September 2008 (edited)
Start -> Run -> cmd
Type in the bold text:
sc stop mshlpkd
sc delete mshlpkd
---
Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Run the registry cleaner too; answer yes to repairing --> backup: answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.
---
Don't use both hidden text and codebox.
Then it looks fine; use the PC for a while and report back.
Edited 5 September 2008 by SNIPPSAT
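Added example, not part of the original posts: a small triage script for the O23 (service) section of a HijackThis log like the one above, listing the services whose company field reads "Unknown owner" together with the short service name that `sc stop` / `sc delete` take. The function names are made up for this example, and the rule that an entry without a parenthesised name uses its display name as the service name is an assumption.

```python
import re
from typing import List, NamedTuple, Optional

# O23 lines copied from the HijackThis log posted earlier in this thread,
# one entry per line as HijackThis writes them.
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

PREFIX = "O23 - Service: "
# "Display name (servicename)": the name in parentheses is the one `sc` takes.
NAME_WITH_KEY = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")
SYSTEM32_ROOT = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\[^\\]+", re.IGNORECASE)


class Service(NamedTuple):
    display: str
    key: str
    owner: str
    path: str


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for anything that is not an O23 entry."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: a display name can itself contain " - "
    # (the Avira entries do), so a left-to-right split would mis-assign fields.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    m = NAME_WITH_KEY.match(name)
    if m:
        display, key = m.group("display"), m.group("key")
    else:
        # Assumption: with no parenthesised name, display name == service name.
        display = key = name
    return Service(display, key, owner, path)


def unknown_owner_services(log_text: str) -> List[Service]:
    """Services whose company field is 'Unknown owner', for manual review."""
    services = (parse_o23(l) for l in log_text.splitlines())
    return [s for s in services if s and s.owner.lower() == "unknown owner"]


def in_system32_root(path: str) -> bool:
    """True when the binary sits directly in WINDOWS\\system32 (no subfolder)."""
    return SYSTEM32_ROOT.fullmatch(path) is not None


if __name__ == "__main__":
    for s in unknown_owner_services(SAMPLE_LOG):
        where = "system32 root" if in_system32_root(s.path) else "other folder"
        print(f"review: {s.key:10} {where:14} {s.path}")
```

"Unknown owner" is only a prompt to look at the file more closely: three entries in this log match, and the reply above removes only mshlpkd.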
J@9 (thread author), posted 5 September 2008
Everything you said is done now; I got close to 220 errors in the registry fixed. So now all that remains is to use the machine for a while and find out whether this new username is still here. If it is, I'll have to boot into safe mode and get it removed again.
But while I have this thread going: I also have a laptop here now (not mine, but I was asked to take a look at it). I installed Windows on it a couple of months ago, and now it is veeery slow. It has been running MBAM (full scan, drive C only) for 4 hours and 47 minutes. It has scanned 95,000 files and still isn't finished. I did the same on my machine, and it scanned about 60-70,000 files in roughly 15-20 minutes. Any suggestions as to what the problems on it could be? And MBAM hasn't found anything wrong yet. Should I try ComboFix and HijackThis (post logs) and run CCleaner on this one too?
snippsat, posted 5 September 2008 (edited)
"drive C only) for 4 hours and 47 minutes."
If it's an older laptop, the HDD may run at 4200 rpm = slow. All newer HDDs in desktop machines run at 7200 rpm and up. Feel free to post logs, then you'll get a definite answer.
Edited 5 September 2008 by SNIPPSAT
J@9 (thread author), posted 5 September 2008
The machine probably isn't that old. It's an HP Pavilion dv8000 series machine. But here come some logs anyway, and without codebox this time.
ComboFix:
ComboFix 08-09-04.09 - Eier 2008-09-05 19:12:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.565 [GMT 2:00] Running from: C:\Documents and Settings\Eier\Skrivebord\Virus og anna drittfjerning\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))) . 2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Malwarebytes 2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-09-05 12:39 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-05 12:39 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-30 21:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-30 21:42 . 2008-08-30 21:47 <DIR> d-------- C:\Programfiler\Java 2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-08-30 19:48 . 2008-06-30 17:16 234,640 --a------ C:\WINDOWS\system32\drivers\afwcore.sys 2008-08-30 19:48 . 2007-10-25 19:17 49 --a------ C:\WINDOWS\transp.gif 2008-08-30 19:47 . 2008-06-04 17:36 1,072,722 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys 2008-08-30 19:47 . 
2008-07-11 15:41 673,920 --a------ C:\WINDOWS\system32\drivers\SandBox.sys 2008-08-30 19:47 . 2008-06-30 17:16 30,864 --a------ C:\WINDOWS\system32\drivers\afw.sys 2008-08-30 19:45 . 2008-09-05 16:25 <DIR> d-------- C:\WINDOWS\system32\Filt 2008-08-30 19:45 . 2008-08-30 19:45 <DIR> d-------- C:\Programfiler\Agnitum 2008-08-30 19:44 . 2008-08-30 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Agnitum 2008-08-05 16:41 . 2008-08-05 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Fitn17 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-31 20:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-31 20:26 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-08-30 19:26 --------- d-----w C:\Programfiler\ESET 2008-08-27 07:14 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-08-27 06:04 --------- d-----w C:\Programfiler\Fitness Frenzy 2008-08-01 17:34 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire 2008-08-01 14:00 --------- d-----w C:\Programfiler\QuickTime 2008-07-31 18:56 --------- d-----w C:\Programfiler\Spa Mania 2008-07-24 10:01 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-07-13 13:34 --------- d-----w C:\Documents and Settings\Eier\Programdata\blg 2008-07-13 13:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\blg 2008-07-07 17:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\PlayFirst 2008-06-20 05:55 0 ----a-w C:\Programfiler\temp01 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "QlbCtrl.exe"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 344064] "SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 243240] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-08-01 413696] "OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-17 983360] "OutpostFeedBack"="C:\Programfiler\Agnitum\Outpost Antivirus Pro\feedback.exe" [2008-07-15 435520] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - 
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-05-12 581693] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-11 673920] R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-08-17 397632] R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816] R2 fsssvc;Windows Live OneCare Tryggere for familien;C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe [2007-12-17 523816] R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 30864] R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 234640] R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-11 33408] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424] R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\DRIVERS\VBEngNT.sys [2008-06-04 1072722] R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [2008-07-11 158816] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 19:27:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE . ************************************************************************** . Completion time: 2008-09-05 19:37:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-05 17:36:36 Pre-Run: 57,366,220,800 byte ledig Post-Run: 58,492,035,072 byte ledig 134 --- E O F --- 2008-08-31 20:43:14 HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:39:07, on 05.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Hewlett-Packard\HP Quick 
Launch Buttons\QlbCtrl.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Eier\Skrivebord\Virus og anna drittfjerning\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice O4 - HKLM\..\Run: 
[OutpostFeedBack] "C:\Programfiler\Agnitum\Outpost Antivirus Pro\feedback.exe" /dump:os_startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} 
(HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212781538671 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 9557 bytes
snippsat, posted 5 September 2008
Looks good.
You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.
Surf safely.