AncientLooper Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 (endret) Malwarebytes Anti-Malware Denne fant en fil, men jeg lurer på hva det er... Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.30Database versjon: 1445 Windows 6.1.6801 02.12.2008 14:43:47 mbam-log-2008-12-02 (14-43-40).txt Skanntype: Rask Skann Objekter skannet: 37633 Tid tilbakelagt: 1 minute(s), 0 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 1 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Combofix funka ikke... Hijack This Klikk for å se/fjerne innholdet nedenfor ogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55:30, on 02.12.2008 Platform: Unknown Windows (WinNT 6.01.2705) MSIE: Internet Explorer v8.00 (8.00.6801.0000) Boot mode: Normal Running processes: F:\Program Files (x86)\Steam\Steam.exe F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe F:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe F:\Program Files\Alwil Software\Avast4\ashDisp.exe F:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe F:\Program Files (x86)\Opera\opera.exe F:\Program Files\Alwil Software\Avast4\ashSimpl.exe F:\Users\Jan Ole\Desktop\Other\HiJackThis\HIJack.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] "F:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKCU\..\Run: [steam] "f:\program files (x86)\steam\steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "F:\Users\Jan Ole\AppData\Local\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu" O4 - HKCU\..\Run: [ehTray.exe] F:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - F:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - F:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - F:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - F:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - F:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - F:\Windows\system32\lsass.exe (file missing) O23 - Service: Performance Service (nTuneService) - NVIDIA - F:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - F:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - F:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - F:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - F:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - F:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - F:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - F:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - F:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - F:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - F:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - F:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - F:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - F:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - F:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6367 bytes Kjører også Avast! akuratt nå. Liker å være trygg Endret 2. desember 2008 av LooperNor Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 (endret) NoActiveDesktopChanges er knyttet til din mulighet til å endre, slå av etc. aktiv desktop. Er den aktivert (noe du kan ha gjort selv), så er siden låst (du kan ikke aktivere eller deaktivere samt konfigurere Aktiv desktop). Om du ikke kjenner noe til dette, kan du godt la mbam fixe oppføringen. Endret 2. desember 2008 av norbat Lenke til kommentar
AncientLooper Skrevet 2. desember 2008 Forfatter Del Skrevet 2. desember 2008 Ok. Jeg skal altså bare slette den dersom jeg ikke vet noe om det? Kan det være p.g.a den at Desktop Slideshow i Windows 7 ikke virket? Ellers så det bra ut? Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 Ja, resten ser fint ut. Du kan kjøre mbam på nytt og la prog. slette oppføringen den finner. Lenke til kommentar
AncientLooper Skrevet 2. desember 2008 Forfatter Del Skrevet 2. desember 2008 En venn av meg kjørte også MBAM og hijackthis: Så ut som om han hadde mye smårusk. MBAM-logg Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.30 Database versjon: 1306 Windows 5.1.2600 Service Pack 3 02.12.2008 17:15:57 mbam-log-2008-12-02 (17-15-47).txt Skanntype: Rask Skann Objekter skannet: 59763 Tid tilbakelagt: 5 minute(s), 3 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 4 Filer infisert: 2 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programfiler\registrysmart\ (Rogue.RegistrySmart) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programfiler\registrysmart\microsoft.vc80.mfc\ (Rogue.RegistrySmart) -> No action taken. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\Programfiler\RegistrySmart (Rogue.RegistrySmart) -> No action taken. C:\Programfiler\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> No action taken. C:\Documents and Settings\HP_Eier\Programdata\RegistrySmart (Rogue.RegistrySmart) -> No action taken. C:\Documents and Settings\HP_Eier\Programdata\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken. Filer infisert: C:\Documents and Settings\HP_Eier\Programdata\RegistrySmart\Log\2007 Dec 30 - 08_47_25 PM_828.log (Rogue.RegistrySmart) -> No action taken. C:\Documents and Settings\HP_Eier\Programdata\RegistrySmart\Log\2007 Dec 30 - 08_47_40 PM_343.log (Rogue.RegistrySmart) -> No action taken. Hijack-This: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37, on 2008-12-02 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe C:\Programfiler\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Programfiler\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\QuickTime\QTTask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Programfiler\Widcomm\Bluetooth Software\BTTray.exe C:\Programfiler\Widcomm\Bluetooth Software\BTStackServer.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Programfiler\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\iTunes\iTunes.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\HP_Eier\Skrivebord\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe O4 - HKLM\..\Run: [WINREMOTE] C:\Programfiler\InterVideo\Common\Bin\WinRemote.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [CTDVDDET] C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [statusClient 2.6] C:\Programfiler\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programfiler\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 13184 bytes Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
AncientLooper Skrevet 2. desember 2008 Forfatter Del Skrevet 2. desember 2008 Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Han prøvde, men det funka ikke :/ Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 Restart pc'n i sikker modus (tapp F8 under oppstart). Prøv og kjør combofix på nytt. Lenke til kommentar
AncientLooper Skrevet 2. desember 2008 Forfatter Del Skrevet 2. desember 2008 Restart pc'n i sikker modus (tapp F8 under oppstart). Prøv og kjør combofix på nytt. Fortalte han, men han sier han ikke orker hvis det er så mye jobb :/ Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 Der er ikke så mye jobb Trykk flere ganger på F8 tasten under oppstart, velg Sikker modus, logg seg inn på sin bruker, kjør combofix som ligger på skrivebordet. Lenke til kommentar
AncientLooper Skrevet 2. desember 2008 Forfatter Del Skrevet 2. desember 2008 Der er ikke så mye jobb Trykk flere ganger på F8 tasten under oppstart, velg Sikker modus, logg seg inn på sin bruker, kjør combofix som ligger på skrivebordet. I know, I know... Han vil likevel ikke :/ Hans PC... Lenke til kommentar
norbat Skrevet 2. desember 2008 Del Skrevet 2. desember 2008 Ok. Be vedkommende om å kjøre en rask skann med mbam. Ser loggen ren ut så avslutter vi med det Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå